SMC Networks SMC8748ML3 Management Manual

Gigabit ethernet switch

TigerStack 1000
Gigabit Ethernet Switch
◆ 24/48 auto-MDI/MDI-X 10/100/1000BASE-T ports
◆ 4 RJ-45 ports shared with 4 SFP transceiver slots
◆ 1 10GBASE extender module slot
◆ Non-blocking switching architecture
◆ Support for a redundant power unit
◆ Spanning Tree Protocol, RSTP, and MSTP
◆ Up to 32 LACP or static 8-port trunks
◆ Layer 2/3/4 CoS support through eight priority queues
◆ Layer 3/4 traffic priority with IP Precedence and IP DSCP
◆ Full support for VLANs with GVRP
◆ IGMP multicast filtering and snooping
◆ Support for jumbo frames up to 9 KB
◆ Manageable via console, Web, SNMP/RMON
◆ Security features: ACL, RADIUS, 802.1x
◆ Routing features: IP/RIP routing, OSPF, VRRP, CIDR
Management Guide
SMC8724ML3
SMC8748ML3


Summary of Contents for SMC Networks SMC8748ML3

  • Page 3 TigerStack 1000 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions 38 Tesla Irvine, CA 92618 June 2005 Phone: (949) 679-8000 Pub. # 149100023600A...
  • Page 4 Irvine, CA 92618 All rights reserved. Printed in Taiwan Trademarks: SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.
  • Page 5 All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term.
  • Page 6 RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS. * SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.
  • Page 7: Table Of Contents

    TABLE OF CONTENTS Introduction .... 1-1 Key Features .... 1-1 Description of Software Features .
  • Page 8 TABLE OF CONTENTS Configuration Options .... 3-4 Panel Display .... 3-4 Main Menu .
  • Page 9 TABLE OF CONTENTS Setting SNMPv3 Views .... 3-72 User Authentication .... 3-74 Configuring User Accounts .
  • Page 10 TABLE OF CONTENTS Setting Broadcast Storm Thresholds .... 3-140 Configuring Port Mirroring .... 3-142 Configuring Rate Limits .
  • Page 11 TABLE OF CONTENTS Layer 3/4 Priority Settings .... 3-209 Mapping Layer 3/4 Priorities to CoS Values .... 3-209 Selecting IP Precedence/DSCP Priority .
  • Page 12 TABLE OF CONTENTS IP Switching .... 3-266 Routing Path Management .
  • Page 13 TABLE OF CONTENTS Displaying Information on Border Routers .... 3-333 Displaying Information on Neighbor Routers .... 3-334 Command Line Interface .... 4-1 Using the Command Line Interface .
  • Page 14 TABLE OF CONTENTS General Commands .... 4-26 enable .
  • Page 15 TABLE OF CONTENTS show ssh .... 4-55 show public-key .
  • Page 16 TABLE OF CONTENTS dir .... 4-88 whichboot .
  • Page 17 TABLE OF CONTENTS permit, deny (Extended ACL) .... 4-119 show ip access-list .... 4-121 access-list ip mask-precedence .
  • Page 18 TABLE OF CONTENTS DHCP Commands .... 4-157 DHCP Client .
  • Page 19 TABLE OF CONTENTS Interface Commands .... 4-186 interface .
  • Page 20 TABLE OF CONTENTS spanning-tree max-age .... 4-226 spanning-tree priority .... 4-227 spanning-tree pathcost method .
  • Page 21 TABLE OF CONTENTS show pvlan .... 4-258 Configuring Protocol-based VLANs .
  • Page 22 TABLE OF CONTENTS set .... 4-291 police .
  • Page 23 TABLE OF CONTENTS IP Routing Commands .... 4-317 Global Routing Configuration .
  • Page 24 TABLE OF CONTENTS ip ospf message-digest-key .... 4-358 ip ospf cost .... 4-359 ip ospf dead-interval .
  • Page 25 TABLE OF CONTENTS APPENDICES Software Specifications .... A-1 Software Features .... A-1 Management Features .
  • Page 26 TABLE OF CONTENTS xxvi...
  • Page 27 TABLES Table 1-1 Key Features .... 1-1 Table 1-2 System Defaults .
  • Page 28 TABLES Table 4-13 HTTPS System Support .... 4-43 Table 4-14 Telnet Server Commands .... 4-44 Table 4-15 Secure Shell Commands .
  • Page 29 TABLES Table 4-49 show interfaces switchport - display description .... 4-200 Table 4-51 Rate Limit Commands .... 4-203 Table 4-52 Link Aggregation Commands .
  • Page 30 TABLES Table 4-87 Open Shortest Path First Commands .... 4-338 Table 4-88 show ip ospf - display description .... 4-364 Table 4-89 show ip ospf border-routers - display description .
  • Page 31 FIGURES Figure 3-1 Home Page .... 3-3 Figure 3-2 Front Panel Indicators .
  • Page 32 FIGURES Figure 3-37 SSH Host-Key Settings .... 3-87 Figure 3-38 SSH Server Settings .... 3-89 Figure 3-39 Port Security .
  • Page 33 FIGURES Figure 3-74 MSTP Port Configuration .... 3-180 Figure 3-75 Globally Enabling GVRP .... 3-185 Figure 3-76 VLAN Basic Information .
  • Page 34 FIGURES Figure 3-111 DHCP Server - IP Binding .... 3-253 Figure 3-112 VRRP Group Configuration .... 3-260 Figure 3-113 VRRP Group Configuration Detail .
  • Page 35: Introduction

    CHAPTER 1 INTRODUCTION This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
  • Page 36: Table 1-1. Key Features

    KEY FEATURES Table 1-1 Key Features (Continued), Feature / Description: Port Mirroring: One or more ports mirrored to single analysis port | Port Trunking: Supports up to 32 trunks using either static or dynamic trunking (LACP) | Broadcast Storm Control: Supported | Address Table: Up to 16K MAC addresses in forwarding table, 1024 static MAC addresses;...
  • Page 37: Description Of Software Features

    INTRODUCTION Description of Software Features The switch provides a wide range of advanced performance enhancing features. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Untagged (port-based), tagged, and protocol-based VLANs, plus support for automatic GVRP VLAN registration provide traffic security and efficient use of network bandwidth.
  • Page 38 DESCRIPTION OF SOFTWARE FEATURES or to implement security controls by restricting access to specific network resources or protocols. DHCP Server and DHCP Relay – A DHCP server is provided to assign IP addresses to host devices. Since DHCP uses a broadcast mechanism, a DHCP server and its client must physically reside on the same subnet.
  • Page 39 (CRC). This prevents bad frames from entering the network and wasting bandwidth. To avoid dropping frames on congested ports, the SMC8724ML3 and SMC8748ML3 provide 2 MB and 4 MB, respectively, for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
  • Page 40 DESCRIPTION OF SOFTWARE FEATURES Spanning Tree Algorithm – The switch supports these spanning tree protocols: Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection and recovery by allowing two or more redundant connections to be created between a pair of LAN segments. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network.
  • Page 41 INTRODUCTION switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can: • Eliminate broadcast storms which severely degrade performance in a flat network. • Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
  • Page 42 DESCRIPTION OF SOFTWARE FEATURES easily link network segments or VLANs together without having to deal with the bottlenecks or configuration hassles normally associated with conventional routers. Routing for unicast traffic is supported with the Routing Information Protocol (RIP) and the Open Shortest Path First (OSPF) protocol. RIP –...
  • Page 43: System Defaults

    INTRODUCTION Quality of Service – Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, IP Precedence or DSCP values, or VLAN lists.
  • Page 44 SYSTEM DEFAULTS Table 1-2 System Defaults (Continued), Function / Parameter / Default: Authentication: Privileged Exec Level Username “admin”, Password “admin” | Normal Exec Level Username “guest”, Password “guest” | Enable Privileged Exec from Normal Exec Level Password “super” | RADIUS Authentication Disabled | TACACS Authentication Disabled | 802.1X Port Authentication Disabled | HTTPS Enabled...
  • Page 45 INTRODUCTION Table 1-2 System Defaults (Continued), Function / Parameter / Default: Rate Limiting: Input and output limits Disabled | Port Trunking: Static Trunks None, LACP (all ports) Disabled | Broadcast Storm Protection: Status Enabled (all ports), Broadcast Limit Rate 500 packets per second | Spanning Tree Algorithm: Status Enabled, RSTP...
  • Page 46: Table 1-2 System Defaults

    SYSTEM DEFAULTS Table 1-2 System Defaults (Continued), Function / Parameter / Default: IP Settings: Management VLAN Any VLAN configured with an IP address | IP Address 0.0.0.0 | Subnet Mask 255.0.0.0 | Default Gateway 0.0.0.0 | DHCP Client: Enabled, Relay: Disabled, Server: Disabled | BOOTP Disabled | Enabled, Cache Timeout: 20 minutes...
  • Page 47: Initial Configuration

    CHAPTER 2 INITIAL CONFIGURATION Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
  • Page 48 CONNECTING TO THE SWITCH The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions: • Set user names and passwords • Set an IP interface for any VLAN • Configure SNMP parameters •...
  • Page 49: Required Connections

    INITIAL CONFIGURATION Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch. Note: When configuring a stack, connect to the console port on the Master unit.
  • Page 50: Remote Connections

    CONNECTING TO THE SWITCH Notes: 1. When using HyperTerminal with Microsoft Windows 2000, make sure that you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal’s VT100 emulation.
  • Page 51: Stack Operations

    INITIAL CONFIGURATION computer using a web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above), or from a network computer using SNMP network management software. Note: The onboard program only provides access to basic configuration functions. To access the full range of SNMP management functions, you must use SNMP-based network management software.
  • Page 52: Selecting The Backup Unit

    STACK OPERATIONS • If the Master unit fails and another unit takes over control of the stack, the unit numbering will not change. • If a unit in the stack fails or is removed from the stack, the unit numbers will not change. This means that when you replace a unit in the stack, the original configuration for the failed unit will be restored to the replacement unit.
  • Page 53: Broken Link For Line And Wrap-Around Topologies

    INITIAL CONFIGURATION a new unit in the stack will cause the stack to reboot. If a unit is removed from the stack (due to a power down or failure) or a new unit added to the stack, the original unit IDs are not affected after rebooting, and a new unit is assigned the lowest available unit ID.
  • Page 54: Resilient Configuration

    BASIC CONFIGURATION other units within this VLAN interface, then this IP address will no longer be available. To retain a constant IP address for management access across failover events, you should include port members on several units within the primary VLAN used for stack management. Resilient Configuration If a unit in the stack fails, the unit numbers will not change.
  • Page 55: Setting Passwords

    4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>. Username: admin Password: CLI session with the SMC8748ML3 is opened. To end the CLI session, enter [Exit]. Console#configure Console(config)#username guest password 0 [password]...
  • Page 56: Setting An Ip Address

    BASIC CONFIGURATION Setting an IP Address You must establish IP address information for the stack to obtain management access through the network. This can be done in either of the following ways: Manual — You have to input the information, including IP address and subnet mask.
  • Page 57: Dynamic Configuration

    INITIAL CONFIGURATION 3. Type “exit” to return to the global configuration mode prompt. Press <Enter>. 4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>. Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.5 255.255.255.0 Console(config-if)#exit...
  • Page 58: Enabling Snmp Management Access

    BASIC CONFIGURATION 3. Type “end” to return to the Privileged Exec mode. Press <Enter>. 4. Type “ip dhcp restart client” to begin broadcasting service requests. Press <Enter>. 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface”...
  • Page 59: Community Strings (For Snmp Version 1 And 2C Clients)

    INITIAL CONFIGURATION string that provides read access to the entire MIB tree, and a default view for the “private” community string that provides read/write access to the entire MIB tree. However, you may assign new views to version 1 or 2c community strings that suit your specific security requirements (see page 3-72).
  • Page 60: Trap Receivers

    BASIC CONFIGURATION Note: If you do not intend to support access to SNMP version 1 and 2c clients, we recommend that you delete both of the default community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled. Trap Receivers You can also specify SNMP stations that are to receive traps from the switch.
  • Page 61: Saving Configuration Settings

    INITIAL CONFIGURATION the last step, it assigns a v3 user to this group, indicating that MD5 will be used for authentication, provides the password “greenpeace” for authentication, and the password “einstien” for encryption. Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included Console(config)#snmp-server view 802.1d 1.3.6.1.2.1.17 included Console(config)#snmp-server group r&d v3 auth mib-2 802.1d Console(config)#snmp-server user steve group r&d v3 auth md5 greenpeace priv des56 einstien...
  • Page 62: Managing System Files

    MANAGING SYSTEM FILES Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
  • Page 63 INITIAL CONFIGURATION In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded.
  • Page 65: Configuring The Switch

    CHAPTER 3 CONFIGURING THE SWITCH Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above).
  • Page 66 CONFIGURING THE SWITCH Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated. 2. If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password.
  • Page 67: Navigating The Web Browser Interface

    The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics. Figure 3-1 Home Page Note: The examples in this chapter are based on the SMC8724ML3. Other than the number of fixed ports, there are no major differences between the SMC8724ML3 and SMC8748ML3.
  • Page 68: Configuration Options

    CONFIGURING THE SWITCH Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
  • Page 69: Main Menu

    NAVIGATING THE BROWSER INTERFACE Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Switch Main Menu, Menu / Description...
  • Page 70 CONFIGURING THE SWITCH Table 3-2 Switch Main Menu (Continued), Menu / Description / Page: SNTP 3-48 | Configuration: Configures SNTP client settings, including a specified list of servers, 3-48 | Clock Time Zone: Sets the local time zone for the system clock, 3-49 | SNMP 3-50 | Configuration: Configures community strings and related...
  • Page 71 NAVIGATING THE BROWSER INTERFACE Table 3-2 Switch Main Menu (Continued), Menu / Description / Page: 802.1X Port authentication 3-93 | Information: Displays global configuration settings, 3-94 | Configuration: Configures global configuration parameters, 3-95 | Port Configuration: Sets the authentication mode for individual ports, 3-96 | Statistics: Displays protocol statistics for the selected port, 3-99...
  • Page 72 CONFIGURING THE SWITCH Table 3-2 Switch Main Menu (Continued), Menu / Description / Page: Port Neighbors Information: Displays settings and operational state for the remote side, 3-138 | Port Broadcast Control: Sets the broadcast storm threshold for each port, 3-140 | Trunk Broadcast Control: Sets the broadcast storm threshold for each trunk, 3-140 | Mirror Port...
  • Page 73 NAVIGATING THE BROWSER INTERFACE Table 3-2 Switch Main Menu (Continued), Menu / Description / Page: Port Configuration: Configures individual port settings for STA, 3-170 | Trunk Configuration: Configures individual trunk settings for STA, 3-170 | MSTP VLAN Configuration: Configures priority and VLANs for a spanning tree instance, 3-173 | Port Information...
  • Page 74 CONFIGURING THE SWITCH Table 3-2 Switch Main Menu (Continued), Menu / Description / Page: Private VLAN Status: Enables or disables the private VLAN, 3-197 | Link Status: Configures the private VLAN, 3-198 | Protocol VLAN Configuration: Creates a protocol group, specifying the supported protocols, 3-200 | Port Configuration: Maps a protocol group to a VLAN, 3-201...
  • Page 75 NAVIGATING THE BROWSER INTERFACE Table 3-2 Switch Main Menu (Continued), Menu / Description / Page: DiffServ: Configures QoS classification criteria and service policies, 3-216 | Class Map: Creates a class map for a type of traffic, 3-218 | Policy Map: Creates a policy map for multiple interfaces, 3-221 | Service Policy: Applies a policy map defined to an ingress...
  • Page 76 CONFIGURING THE SWITCH Table 3-2 Switch Main Menu (Continued), Menu / Description / Page: DHCP 3-242 | Relay Configuration: Specifies DHCP relay servers; enables or disables relay service, 3-242 | Server: Configures DHCP server parameters, 3-242 | General: Enables DHCP server; configures excluded address range, 3-245 | Pool Configuration: Configures address pools for network groups, 3-246...
  • Page 77 NAVIGATING THE BROWSER INTERFACE Table 3-2 Switch Main Menu (Continued), Menu / Description / Page: Statistics: Shows statistics for IP traffic, including the amount of traffic, address errors, routing, fragmentation and reassembly, 3-282 | ICMP: Shows statistics for ICMP traffic, including the amount of traffic, protocol errors, and the number of echoes, timestamps, and address masks...
  • Page 78 CONFIGURING THE SWITCH Table 3-2 Switch Main Menu (Continued), Menu / Description / Page: Routing Protocol 3-268, 3-292 | General Settings: Enables or disables RIP, sets the global RIP version and timer values, 3-293 | Network Addresses: Configures the network interfaces that will use RIP, 3-295 | Interface Settings: Configures RIP parameters for each interface,...
  • Page 79: Basic Configuration

    BASIC CONFIGURATION Table 3-2 Switch Main Menu (Continued), Menu / Description / Page: NSSA Settings: Configures settings for importing routes into or exporting routes out of not-so-stubby areas, 3-329 | Link State Database Information: Shows information about different OSPF Link State Advertisements (LSAs) stored in this router’s database, 3-330 | Border Router: Displays routing table entries for area border...
  • Page 80: Figure 3-3 System Information

    CONFIGURING THE SWITCH • Web secure server – Shows if management access via HTTPS is enabled. • Web secure server port – Shows the TCP port used by the HTTPS interface. • Telnet server – Shows if management access via Telnet is enabled. •...
  • Page 81: Displaying Switch Hardware/Software Versions

    BASIC CONFIGURATION CLI – Specify the hostname, location and contact information. Console(config)#hostname R&D 5 4-34 Console(config)#snmp-server location WC 9 4-143 Console(config)#snmp-server contact Ted 4-142 Console(config)#exit Console#show system 4-80 System description: SMC8724ML3 L3 GE Switch System OID string: 1.3.6.1.4.1.202.20.45 System information System Up time: 0 days, 1 hours, 28 minutes, and 0.51 seconds...
  • Page 82: Figure 3-4 Switch Information

    CONFIGURING THE SWITCH • Internal Power Status – Displays the status of the internal power supply. Management Software • EPLD Version – Version number of EEPROM Programmable Logic Device. • Loader Version – Version number of loader code. • Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code.
  • Page 83: Displaying Bridge Extension Capabilities

    BASIC CONFIGURATION CLI – Use the following command to display version information. Console#show version 4-81 Unit 1 Serial number: A422000632 Hardware version: EPLD version: 15.15 Number of ports: Main power status: Redundant power status: not present Agent (master) Unit ID: Loader version: 1.0.1.3 Boot ROM version:...
  • Page 84: Figure 3-5 Displaying Bridge Extension Configuration

    CONFIGURING THE SWITCH • Local VLAN Capable – This switch does not support multiple local bridges outside of the scope of 802.1Q defined VLANs. • GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to register endstations with multicast groups. This switch does not support GMRP;...
  • Page 85: Configuring Support For Jumbo Frames

    BASIC CONFIGURATION Configuring Support for Jumbo Frames The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9000 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
  • Page 86: Setting The Switch's Ip Address

    CONFIGURING THE SWITCH Setting the Switch’s IP Address This section describes how to configure an initial IP interface for management access over the network. The IP address for this stack is obtained via DHCP by default. To manually configure an address, you need to change the stack’s default settings to values that are compatible with your network.
  • Page 87: Manual Configuration

    BASIC CONFIGURATION • IP Address Mode – Specifies whether IP functionality is enabled via manual configuration (Static), Dynamic Host Configuration Protocol (DHCP), or Boot Protocol (BOOTP). If DHCP/BOOTP is enabled, IP will not function until a reply has been received from the server. Requests will be broadcast periodically by the switch for an IP address.
  • Page 88: Figure 3-8 Default Gateway

    CONFIGURING THE SWITCH Click IP, Global Setting. If this stack and management stations exist on other network segments, then specify the default gateway, and click Apply. Figure 3-8 Default Gateway CLI – Specify the management interface, IP address and default gateway. Console#config Console(config)#interface vlan 1 4-187...
  • Page 89: Using Dhcp/Bootp

    BASIC CONFIGURATION Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the stack to be dynamically configured by these services. Web – Click IP, General, Routing Interface. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP.
  • Page 90 CONFIGURING THE SWITCH CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart client” command. Console#config Console(config)#interface vlan 1 4-187 Console(config-if)#ip address dhcp 4-308 Console(config-if)#end Console#ip dhcp restart client 4-158 Console#show ip interface 4-311...
  • Page 91: Managing Firmware

    BASIC CONFIGURATION Managing Firmware You can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation.
  • Page 92: Downloading System Software From A Server

    CONFIGURING THE SWITCH Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
  • Page 93: Figure 3-11 Setting The Startup Code

    BASIC CONFIGURATION If you download to a new destination file, go to the File Management, Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu.
  • Page 94: Saving Or Restoring Configuration Settings

    CONFIGURING THE SWITCH CLI – To download new firmware from a TFTP server, enter the IP address of the TFTP server, select “config” as the file type, then enter the source and destination file names. When the file has finished downloading, set the new file to start up the system, and then restart the switch.
  • Page 95 BASIC CONFIGURATION - running-config to tftp – Copies the running configuration to a TFTP server. - startup-config to file – Copies the startup configuration to a file on the switch. - startup-config to running-config – Copies the startup config to the running config.
  • Page 96: Downloading Configuration Settings From A Server

    CONFIGURING THE SWITCH Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg”...
  • Page 97: Figure 3-14 Setting The Startup Configuration Settings

    BASIC CONFIGURATION If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu. You can also select any configuration file as the start-up configuration by using the System/File Management/Set Start-Up page.
  • Page 98: Console Port Settings

    CONFIGURING THE SWITCH Console Port Settings You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings. These parameters can be configured via the web or CLI interface.
  • Page 99: Figure 3-15 Configuring The Console Port

    BASIC CONFIGURATION device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud, Auto; Default: Auto) • Stop Bits – Sets the number of the stop bits transmitted per byte. (Range: 1-2; Default: 1 stop bit) • Password –...
  • Page 100: Telnet Settings

    CONFIGURING THE SWITCH CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Console(config)#line console 4-15 Console(config-line)#login local 4-16 Console(config-line)#password 0 secret 4-17...
  • Page 101: Figure 3-16 Configuring The Telnet Interface

    BASIC CONFIGURATION interval, the connection is terminated for the session. (Range: 0 - 300 seconds; Default: 300 seconds) • Exec Timeout – Sets the interval that the system waits until user input is detected. If user input is not detected within the timeout interval, the current session is terminated.
  • Page 102: Configuring Event Logging

    CONFIGURING THE SWITCH CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level. Console(config)#line vty 4-15 Console(config-line)#login local 4-16 Console(config-line)#password 0 secret...
  • Page 103: Table 3-3 Logging Levels

    BASIC CONFIGURATION Command Attributes • System Log Status – Enables/disables the logging of debug or error messages to the logging process. (Default: Enabled) • Flash Level – Limits log messages saved to the switch’s permanent flash memory for all levels up to the specified level. For example, if level 3 is specified, all messages from level 0 to level 3 will be logged to flash.
  • Page 104: Figure 3-17 System Logs

    CONFIGURING THE SWITCH Web – Click System, Logs, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply. Figure 3-17 System Logs CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory.
  • Page 105: Remote Log Configuration

    BASIC CONFIGURATION Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the event messages sent to only those messages at or above a specified level.
  • Page 106: Figure 3-18 Remote Logs

    CONFIGURING THE SWITCH Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove.
  • Page 107: Displaying Log Messages

    ASIC ONFIGURATION Displaying Log Messages Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
  • Page 108: Sending Simple Mail Transfer Protocol Alerts

    Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages are sent to specified SMTP servers on the network and can be retrieved using POP or IMAP clients.
  • Page 109: Figure 3-20 Enabling And Configuring Smtp Alerts

    Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add.
  • Page 110: Renumbering The Stack

    CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration.
  • Page 111: Resetting The System

    Command Usage • The startup configuration file maps configuration settings to each switch in the stack based on the unit identification number. You should therefore remember to save the current configuration after renumbering the stack. • For a line topology, the stack is numbered from top to bottom, with the first unit in the stack designated as unit 1.
  • Page 112: Setting The System Clock

    Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
  • Page 113: Setting The Time Zone

    Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply. Figure 3-23 SNTP Configuration CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings. Console(config)#sntp client 4-70 Console(config)#sntp poll 16...
  • Page 114: Simple Network Management Protocol

    • Minutes (0-59) – The number of minutes before/after UTC. • Direction – Configures the time zone to be before (east) or after (west) UTC. Web – Select SNTP, Clock Time Zone. Set the offset for your time zone relative to the UTC, and click Apply.
  • Page 115 3. This agent continuously monitors the status of the switch hardware, as well as the traffic passing through its ports. A network management station can access this information using software such as SMC EliteView. Access to the onboard agent from clients using SNMP v1 and v2c is controlled by community strings.
  • Page 116: Table 3-4 Snmpv3 Security Models And Levels

    and v2c. The following table shows the security models and levels available and the system default settings. Table 3-4 SNMPv3 Security Models and Levels (columns: Model, Level, Group, Read View, Write View, Notify View, Security) noAuthNoPriv public defaultview none none Community string...
  • Page 117: Enabling The Snmp Agent

    Enabling the SNMP Agent Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3). Command Attributes SNMP Agent Status – Enables SNMP on the switch. Web – Click SNMP, Agent Status. Enable the SNMP Agent by marking the Enabled checkbox, and click Apply.
  • Page 118: Specifying Trap Managers And Trap Types

    You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as SMC EliteView). You can specify up to five management stations that will receive authentication failure messages and other trap messages from the switch.
  • Page 119 Command Usage • If you specify an SNMP Version 3 host, then the “Trap Manager Community String” is interpreted as an SNMP user name. If you use V3 authentication or encryption options (authNoPriv or authPriv), the user name must first be defined in the SNMPv3 Users page (page 3-60).
  • Page 120 Command Attributes • Trap Manager Capability – This switch supports up to five trap managers. • Current – Displays a list of the trap managers currently configured. • Trap Manager IP Address – IP address of a new management station to receive notification messages.
  • Page 121: Figure 3-27 Configuring Snmp Trap Managers

    • Enable Authentication Traps – Issues a notification message to specified IP trap managers whenever authentication of an SNMP request fails. (Default: Enabled) • Enable Link-up and Link-down Traps – Issues a notification message whenever a port link is established or broken. (Default: Enabled) Web –...
  • Page 122: Configuring Snmpv3 Management Access

    Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch, follow these steps: 1. If you want to change the default engine ID, do so before configuring other SNMP parameters. 2. Specify read and write access views for the switch MIB tree. 3.
  • Page 123: Specifying A Remote Engine Id

    Web – Click SNMP, SNMPv3, Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save. Figure 3-28 Setting the SNMPv3 Engine ID CLI – This example sets an SNMPv3 engine ID. Console(config)#snmp-server engine-id local 12345abcdef 4-147 Console(config)#exit...
  • Page 124: Configuring Snmpv3 Users

    The engine ID can be specified by entering 1 to 26 hexadecimal characters. If fewer than 26 characters are specified, trailing zeroes are added to the value. For example, the value “1234” is equivalent to “1234” followed by 22 zeroes.
  • Page 125 • Security Level – The security level used for the user: - noAuthNoPriv – There is no authentication or encryption used in SNMP communications. (This is the default for SNMPv3.) - AuthNoPriv – SNMP communications use authentication, but the data is not encrypted (only available for the SNMPv3 security model).
  • Page 126: Figure 3-30 Configuring Snmpv3 Users

    Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete.
  • Page 127: Configuring Remote Snmpv3 Users

    CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Console(config)#snmp-server user chris group r&d v3 auth md5 greenpeace priv des56 einstien 4-154 Console(config)#exit Console#show snmp user 4-156 EngineId: 80000034030001f488f5200000 User Name: chris...
  • Page 128 Command Attributes • User Name – The name of the user connecting to the SNMP agent. (Range: 1-32 characters) • Group Name – The name of the SNMP group to which the user is assigned. (Range: 1-32 characters) •...
  • Page 129: Figure 3-31 Configuring Remote Snmpv3 Users

    Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete.
  • Page 130: Configuring Snmpv3 Groups

    CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Console(config)#snmp-server user mark group r&d remote 192.168.1.19 v3 auth md5 greenpeace priv des56 einstien 4-154 Console(config)#exit Console#show snmp user 4-156 No user exist.
  • Page 131: Table 3-5 Supported Notification Messages

    • Notify View – The configured view for notifications. (Range: 1-64 characters) Table 3-5 Supported Notification Messages Object Label Object ID Description RFC 1493 Traps newRoot 1.3.6.1.2.1.17.0.1 The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree;...
  • Page 132 Table 3-5 Supported Notification Messages (Continued) Object Label Object ID Description linkDown 1.3.6.1.6.3.1.1.5.3 A linkDown trap signifies that the SNMP entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state (but not from the notPresent state).
  • Page 133 Table 3-5 Supported Notification Messages (Continued) Object Label Object ID Description RMON Events (V2) risingAlarm 1.3.6.1.2.1.16.0.1 The SNMP trap that is generated when an alarm entry crosses its rising threshold and generates an event that is configured for sending SNMP traps.
  • Page 134 Table 3-5 Supported Notification Messages (Continued) Object Label Object ID Description swThermalRisingNotification 1.3.6.1.4.1.202.6.10.65.2.1.0.58 This trap is sent when the temperature exceeds the switchThermalActionRisingThreshold. swThermalFallingNotification 1.3.6.1.4.1.202.6.10.65.2.1.0.59 This trap is sent when the temperature falls below the switchThermalActionFallingThreshold.
  • Page 135: Figure 3-32 Configuring Snmpv3 Groups

    Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read and write views. Click Add to save the new group and return to the Groups list.
  • Page 136: Setting Snmpv3 Views

    CLI – Use the snmp-server group command to configure a new group, specifying the security model and level, and restricting MIB access to defined read and write views. Console(config)#snmp-server group secure-users v3 priv read defaultview write defaultview notify defaultview 4-152 Console(config)#exit Console#show snmp group...
  • Page 137: Figure 3-33 Configuring Snmpv3 Views

    Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in the view. Click Back to save the new view and return to the SNMPv3 Views list.
  • Page 138: User Authentication

    CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries. Console(config)#snmp-server view ifEntry.a 1.3.6.1.2.1.2.2.1.1.* included 4-150 Console(config)#exit Console#show snmp view 4-151 View Name: ifEntry.a Subtree OID: 1.3.6.1.2.1.2.2.1.1.*...
  • Page 139: Configuring User Accounts

    Configuring User Accounts The guest only has read access for most configuration parameters. However, the administrator has write access for all parameters governing the onboard agent. You should therefore assign a new administrator password as soon as possible, and store it in a safe place. The default guest name is “guest”...
  • Page 140: Configuring Local/Remote Logon Authentication

    Web – Click Security, User Accounts. To configure a new user account, enter the user name, access level, and password, then click Add. To change the password for a specific user, enter the user name and new password, confirm the password by entering it again, then click Apply.
  • Page 141 Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) are logon authentication protocols [Figure: console/Telnet client, switch, and RADIUS/TACACS+ server: 1. Client attempts management access. 2. Switch contacts authentication server. 3. Authentication server challenges client. 4. Client responds with proper password or key. 5. ...]
  • Page 142 available, then authentication is attempted using the TACACS+ server, and finally the local user name and password are checked. Command Attributes • Authentication – Select the authentication, or authentication sequence required: - Local – User authentication is performed only locally by the switch. - Radius –...
  • Page 143: Figure 3-35 Authentication Server Settings

    • TACACS Settings - Server IP Address – Address of the TACACS+ server. (Default: 10.11.12.13) - Server Port Number – Network (TCP) port of TACACS+ server used for authentication messages. (Range: 1-65535; Default: 49) - Secret Text String – Encryption key used to authenticate logon access for client.
  • Page 144: Configuring Https

    CLI – Specify all the required parameters to enable logon authentication. Console(config)#authentication login radius 4-92 Console(config)#radius-server port 181 4-96 Console(config)#radius-server key green 4-96 Console(config)#radius-server retransmit 5 4-97 Console(config)#radius-server timeout 10 4-97 Console(config)#radius-server 1 host 192.168.1.25 4-95 Console(config)#exit Console#show radius-server 4-98 Remote RADIUS server configuration:...
  • Page 145: Table 3-6 Https System Support

    • If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number] • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate. - The client and server negotiate a set of security protocols to use for the connection.
  • Page 146: Replacing The Default Secure-Site Certificate

    Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. Figure 3-36 HTTPS Settings CLI – This example enables the HTTP secure server and modifies the port number. Console(config)#ip http secure-server 4-42 Console(config)#ip http secure-port 441 4-43...
  • Page 147: Configuring The Secure Shell

    When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one: Console#copy tftp https-certificate 4-84 TFTP server ip address: <server ip-address> Source certificate file name: <certificate file name>...
  • Page 148 Command Usage The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified on the Authentication Settings page (page 3-76).
  • Page 149 1024 35 1341081685609893921040944920155425347631641921872958921143173880 05553616163105177594083868631109291232226828519254374603100937187721199696317 81366277414168985132049117204830339254324101637997592371449011938006090253948 40848271781943722884025331159521348610229029789827213532671316294325328189150 45306393916643 steve@192.168.1.19 4. Set the Optional Parameters – On the SSH Settings page, configure the optional parameters, including the authentication timeout, the number of retries, and the server key size. 5. Enable SSH Service – On the SSH Settings page, enable the SSH server on the switch.
  • Page 150: Generating The Host Key Pair

    Generating the Host Key Pair A host public/private key pair is used to provide secure communications between an SSH client and the switch. After generating this key pair, you must provide the host public key to SSH clients and import the client’s public key to the switch as described in the preceding section (Command Usage).
  • Page 151: Figure 3-37 Ssh Host-Key Settings

    Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. Figure 3-37 SSH Host-Key Settings 3-87...
  • Page 152: Configuring The Ssh Server

    CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. Console#ip ssh crypto host-key generate 4-48 Console#ip ssh save host-key 4-48 Console#show public-key host 4-48...
  • Page 153: Figure 3-38 Ssh Server Settings

    • SSH Server-Key Size – Specifies the SSH server key size. (Range: 512-896 bits; Default: 768) - The server key is a private key that is never shared outside the switch. - The host key is shared with the SSH client, and is fixed at 1024 bits. Web –...
  • Page 154: Configuring Port Security

    Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
  • Page 155 • If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configuration page (page 3-122). Command Attributes • Port – Port number. • Name – Descriptive text (page 4-187). •...
  • Page 156: Figure 3-39 Port Security

    Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
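The port security behaviour described on pages 154-156 (learn source addresses up to a configured maximum, treat any further new address as a violation, and keep a shut-down port disabled until it is manually re-enabled) as a small simulation. This is an added example, not code from the manual or the switch firmware; the three action names are the ones the manual lists under "Port security action" on page 185, and the MAC addresses and frame sequence are constructed.

```python
"""Simulation of the switch's port security rules (added example, not SMC code).

A secured port learns source MAC addresses until it reaches its configured
maximum. Any new address after that is a violation and triggers the configured
action: "trap", "shutdown" or "trap-and-shutdown". A port shut down by a
violation stays down until it is manually re-enabled, as the manual notes.
"""
from typing import List, Optional, Set

ACTIONS = ("trap", "shutdown", "trap-and-shutdown")   # names from the manual


class SecuredPort:
    def __init__(self, name: str, max_addresses: int, action: str = "trap",
                 authorized: Optional[Set[str]] = None) -> None:
        if action not in ACTIONS:
            raise ValueError(f"unknown port security action: {action}")
        if max_addresses < 1:
            raise ValueError("max_addresses must be at least 1")
        self.name = name
        self.max_addresses = max_addresses
        self.action = action
        # Statically authorized addresses count toward the maximum from the start.
        self.learned: Set[str] = {a.lower() for a in (authorized or set())}
        self.enabled = True
        self.traps: List[str] = []   # constructed stand-in for SNMP traps sent

    def receive(self, src_mac: str) -> str:
        """Process one ingress frame by source MAC and return what happened."""
        mac = src_mac.lower()
        if not self.enabled:
            return "dropped"          # port is administratively down
        if mac in self.learned:
            return "forwarded"
        if len(self.learned) < self.max_addresses:
            self.learned.add(mac)     # still room: learn the address and forward
            return "learned"
        return self._violation(mac)

    def _violation(self, mac: str) -> str:
        if self.action in ("trap", "trap-and-shutdown"):
            self.traps.append(f"port-security violation on {self.name} from {mac}")
        if self.action in ("shutdown", "trap-and-shutdown"):
            self.enabled = False      # stays down until reenable() is called
        return f"violation:{self.action}"

    def reenable(self) -> None:
        """Manual re-enable from the Port Configuration page; learned addresses are kept."""
        self.enabled = True


def replay(port: SecuredPort, frames: List[str]) -> List[str]:
    """Feed a constructed sequence of source MACs to a port and return the outcomes."""
    return [port.receive(mac) for mac in frames]


# Constructed traffic: two legitimate hosts, then a third address appears.
SAMPLE_FRAMES = ["00-30-F1-00-00-01", "00-30-F1-00-00-02", "00-30-F1-00-00-01",
                 "00-30-F1-00-00-03", "00-30-F1-00-00-01"]

if __name__ == "__main__":
    p = SecuredPort("Eth 1/5", max_addresses=2, action="trap-and-shutdown")
    for mac, outcome in zip(SAMPLE_FRAMES, replay(p, SAMPLE_FRAMES)):
        print(f"{mac}  {outcome}")
    print("traps:", p.traps)
    p.reenable()
    print("after manual re-enable:", p.receive("00-30-F1-00-00-01"))
```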
  • Page 157: Configuring 802.1X Port Authentication

    Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data. The IEEE 802.1X (dot1x) standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication.
  • Page 158: Displaying 802.1X Global Settings

    RADIUS server verifies the client credentials and responds with an accept or reject packet. If authentication is successful, the switch allows the client to access the network. Otherwise, network access is denied and the port remains blocked. The operation of dot1x on the switch requires the following: •...
  • Page 159: Configuring 802.1X Global Settings

    CLI – This example shows the default global setting for 802.1X. Console#show dot1x 4-110 Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized disabled Single-Host ForceAuthorized disabled Single-Host ForceAuthorized 802.1X Port Details 802.1X is disabled on port 1/1 802.1X is disabled on port 26 Console# Configuring 802.1X Global Settings...
  • Page 160: Configuring Port Settings For 802.1X

    Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server.
  • Page 161: Figure 3-42 802.1X Port Configuration

    • Quiet Period – Sets the time that a switch port waits after the Max Request count has been exceeded before attempting to acquire a new client. (Range: 1-65535 seconds; Default: 60 seconds) • Re-authentication Period – Sets the time period after which a connected client must be re-authenticated.
  • Page 162 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-110. Console(config)#interface ethernet 1/2 4-187 Console(config-if)#dot1x port-control auto 4-106 Console(config-if)#dot1x re-authentication 4-108 Console(config-if)#dot1x max-req 5 4-105...
  • Page 163: Displaying 802.1X Statistics

    Reauthentication State Machine State Initialize 802.1X is disabled on port 1/24 Console# Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-7 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator.
  • Page 164: Figure 3-43 802.1X Port Statistics

    Table 3-7 802.1X Statistics (Continued) Parameter Description Tx EAP Req/Id The number of EAP Req/Id frames that have been transmitted by this Authenticator. Tx EAP Req/Oth The number of EAP Request frames (other than Rq/Id frames) that have been transmitted by this Authenticator. Web –...
  • Page 165: Filtering Ip Addresses For Management Access

    Filtering IP Addresses for Management Access You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default. Once you add an entry to a filter list, access to that interface is restricted to the specified addresses.
  • Page 166: Figure 3-44 Ip Filter

    Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry. Figure 3-44 IP Filter CLI – This example restricts management access for Telnet clients. Console(config)#management telnet-client 192.168.1.19 4-38 Console(config)#management telnet-client 192.168.1.25 192.168.1.30...
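The management-access filter semantics from pages 165-166 (up to 16 addresses or ranges per interface; an interface with no entries is open to every address, and the first entry restricts it to the listed addresses) as a small model that also parses the manual's "management telnet-client <start> [<end>]" CLI form. This is an added example, not the manual's or the switch's code; the http-client and snmp-client keywords, the configuration text and the access attempts are constructed assumptions.

```python
"""Model of the switch's management-access IP filter (added example, not SMC code).

Each management interface (web, SNMP, Telnet) has its own list of up to 16
addresses or inclusive address ranges. An empty list leaves the interface open
to all addresses; once any entry exists, only listed addresses are allowed.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

MAX_ENTRIES = 16                      # per-interface limit stated in the manual
INTERFACES = ("web", "snmp", "telnet")
# CLI keyword -> interface; only telnet-client appears on the page, the others are assumed.
CLI_KEYWORDS = {"http-client": "web", "snmp-client": "snmp", "telnet-client": "telnet"}

Range = Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]


class ManagementFilter:
    def __init__(self) -> None:
        self._lists: Dict[str, List[Range]] = {name: [] for name in INTERFACES}

    def add(self, interface: str, start: str, end: Optional[str] = None) -> None:
        """Add a single address (end omitted) or an inclusive start-end range."""
        if interface not in self._lists:
            raise ValueError(f"unknown management interface: {interface}")
        entries = self._lists[interface]
        if len(entries) >= MAX_ENTRIES:
            raise ValueError(f"{interface}: filter list is full ({MAX_ENTRIES} entries)")
        lo = ipaddress.IPv4Address(start)
        hi = ipaddress.IPv4Address(end) if end else lo
        if hi < lo:
            raise ValueError("range end precedes range start")
        entries.append((lo, hi))

    def load_cli(self, config_text: str) -> None:
        """Parse 'management <keyword> <start> [<end>]' lines; other lines are ignored."""
        for raw in config_text.splitlines():
            parts = raw.strip().split()
            if len(parts) < 3 or parts[0] != "management" or parts[1] not in CLI_KEYWORDS:
                continue
            self.add(CLI_KEYWORDS[parts[1]], parts[2], parts[3] if len(parts) > 3 else None)

    def is_allowed(self, interface: str, client: str) -> bool:
        """Apply the manual's rule: no entries means open, otherwise listed only."""
        entries = self._lists[interface]
        if not entries:
            return True
        ip = ipaddress.IPv4Address(client)
        return any(lo <= ip <= hi for lo, hi in entries)

    def is_open(self, interface: str) -> bool:
        """True while an interface has no filter entries (still reachable from anywhere)."""
        return not self._lists[interface]

    def is_full(self, interface: str) -> bool:
        return len(self._lists[interface]) >= MAX_ENTRIES


def audit_attempts(filt: ManagementFilter, attempts):
    """Return (interface, client, allowed) for each constructed access attempt."""
    return [(iface, client, filt.is_allowed(iface, client)) for iface, client in attempts]


# Constructed configuration, modelled on the manual's CLI example.
SAMPLE_CONFIG = """\
management telnet-client 192.168.1.19
management telnet-client 192.168.1.25 192.168.1.30
management snmp-client 10.0.0.0 10.0.0.255
"""

# Constructed access attempts, not real log data.
SAMPLE_ATTEMPTS = [
    ("telnet", "192.168.1.19"),
    ("telnet", "192.168.1.27"),
    ("telnet", "192.168.1.31"),
    ("snmp", "10.0.0.200"),
    ("snmp", "10.0.1.1"),
    ("web", "203.0.113.9"),   # web list is empty, so the web interface is still open
]

if __name__ == "__main__":
    f = ManagementFilter()
    f.load_cli(SAMPLE_CONFIG)
    for iface, client, ok in audit_attempts(f, SAMPLE_ATTEMPTS):
        print(f"{iface:6} {client:15} {'allow' if ok else 'deny'}")
    for iface in INTERFACES:
        if f.is_open(iface):
            print(f"warning: {iface} management interface has no filter entries")
```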
  • Page 167: Access Control Lists

    Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rules, specify a mask to modify the precedence in which the rules are checked, and then bind the list to a specific port.
  • Page 168: Setting The Acl Name And Type

    • When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs.
  • Page 169: Configuring A Standard Ip Acl

    Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page for the new list. Figure 3-45 Selecting ACL Type CLI –...
  • Page 170: Configuring An Extended Ip Acl

    Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Then click Add.
  • Page 171 • Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for SubMask on page 3-105.) • Service Type – Packet priority settings based on the following criteria: - Precedence – IP precedence level. (Range: 0-7) - TOS –...
  • Page 172: Figure 3-47 Acl Configuration - Extended Ip

    Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
  • Page 173: Configuring A Mac Acl

    3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any 4-119 Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any destination-port 80 Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any control-flag 2 2 Console(config-std-acl)# Configuring a MAC ACL Command Attributes...
  • Page 174: Figure 3-48 Acl Configuration - Mac

    Command Usage Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets. Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,”...
  • Page 175: Configuring Acl Masks

    Configuring ACL Masks You must specify masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined masks for an ingress or egress ACL.
  • Page 176: Specifying The Mask Type

    Specifying the Mask Type Use the ACL Mask Configuration page to edit the mask for the Ingress IP ACL, Egress IP ACL, Ingress MAC ACL or Egress MAC ACL. Web – Click Security, ACL, Mask Configuration. Click Edit for one of the basic mask types to open the configuration page.
  • Page 177: Configuring An Ip Acl Mask

    Configuring an IP ACL Mask This mask defines the fields to check in the IP header. Command Usage Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes.
  • Page 178: Figure 3-50 Acl Mask Configuration - Ip

    Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type or one of the service types.
  • Page 179: Configuring A Mac Acl Mask

    CLI – This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the following example, packets with the source address 10.1.1.1 are dropped because the “deny 10.1.1.1 255.255.255.255”...
  • Page 180: Figure 3-51 Acl Mask Configuration - Mac

    Web – Configure the mask to match the required rules in the MAC ingress or egress ACLs. Set the mask to check for any source or destination address, a host address, or an address range. Use a bitmask to search for specific VLAN ID(s) or Ethernet type(s).
  • Page 181: Binding A Port To An Access Control List

    CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask. Console(config)#access-list mac M4 4-129 Console(config-mac-acl)#permit any any 4-130...
  • Page 182: Figure 3-52 Acl Port Binding

    • When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs.
  • Page 183: Port Configuration

    CLI – This example assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2. Console(config)#interface ethernet 1/1 4-187 Console(config-if)#ip access-group david in 4-127 Console(config-if)#mac access-group jerry in 4-136 Console(config-if)#exit Console(config)#interface ethernet 1/2 Console(config-if)#ip access-group david in Console(config-if)# Port Configuration...
  • Page 184: Figure 3-53 Port - Port Information

    • Creation – Shows if a trunk is manually configured or dynamically set via LACP. Web – Click Port, Port Information or Trunk Information. Figure 3-53 Port - Port Information Field Attributes (CLI) Basic information: • Port type – Indicates the port type. (1000BASE-T, SFP, or 10GBASE-LR) •...
  • Page 185 • Port security action – Shows the response to take when a security violation is detected. (shutdown, trap, trap-and-shutdown) • Media type – Shows the forced/preferred port type to use for combination ports 21-24 (SMC8724ML3) or 45-48 (SMC8748ML3). (copper forced, SFP forced, SFP preferred auto) Current status: •...
  • Page 186: Configuring Interface Connections

    CLI – This example shows the connection status for Port 5. Console#show interfaces status ethernet 1/5 4-196 Information of Eth 1/13 Basic information: Port type: 1000T Mac address: 00-30-F1-D4-73-A5 Configuration: Name: Port admin: Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full, 1000full Broadcast storm: Enabled...
  • Page 187 • Media Type – Shows the forced/preferred port type to use for the combination ports. (SMC8724ML3: Ports 21-24; SMC8748ML3: Ports 45-48) - Copper-Forced - Always uses the built-in RJ-45 port. - SFP-Forced - Always uses the SFP port (even if module is not installed).
  • Page 188: Figure 3-54 Port - Port Configuration

    Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 3-54 Port - Port Configuration CLI – Select the interface, and then enter the required settings. Console(config)#interface ethernet 1/13 4-187 Console(config-if)#description RD SW#13 4-187...
  • Page 189: Creating Trunk Groups

    Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices (i.e., single switch or a stack). You can create up to 32 trunks.
  • Page 190: Statically Configuring A Trunk

    • The ports at both ends of a connection must be configured as trunk ports. • When configuring static trunks on switches of different types, they must be compatible with the Cisco EtherChannel standard. • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed and duplex mode), VLAN assignments, and CoS settings.
  • Page 191: Figure 3-55 Static Trunk Configuration

    Command Attributes • Member List (Current) – Shows configured trunks (Trunk ID, Unit, Port). • New – Includes entry fields for creating new trunks. - Trunk – Trunk identifier. (Range: 1-32) - Unit – Stack unit. (Range: 1-8) - Port – Port identifier. (Range: 1-25/49) Web –...
  • Page 192: Enabling Lacp On Selected Ports

    ONFIGURING THE WITCH CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk. Console(config)#interface port-channel 1 4-187 Console(config-if)#exit Console(config)#interface ethernet 1/9 4-187 Console(config-if)#channel-group 1 4-206 Console(config-if)#exit...
  • Page 193: Figure 3-56 Lacp Trunk Configuration

    • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than eight ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
  • Page 194: Configuring Lacp Parameters

    CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Console(config)#interface ethernet 1/1 4-187 Console(config-if)#lacp 4-206 Console(config-if)#exit Console(config)#interface ethernet 1/6 Console(config-if)#lacp Console(config-if)#end Console#show interfaces status port-channel 1...
  • Page 195 of 0), this key is set to the same value as the port admin key used by the interfaces that joined the group (lacp admin key, as described in this section and on page 4-209). Command Attributes Set Port Actor – This menu sets the local side of an aggregate link; i.e., the ports on this switch.
  • Page 196: Figure 3-57 Lacp - Aggregation Port

    Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect until the next time an aggregate link is formed with this device.) After you have completed setting the port LACP parameters, click Apply.
  • Page 197: Port Configuration

    CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG; ports 9 and 10 are set to backup mode. Console(config)#interface ethernet 1/1 4-187 Console(config-if)#lacp actor system-priority 3 4-208 Console(config-if)#lacp actor admin-key 120 4-209 Console(config-if)#lacp actor port-priority 128...
  • Page 198: Displaying Lacp Port Counters

    Displaying LACP Port Counters You can display statistics for LACP protocol messages. Table 3-8 LACP Port Counters: LACPDUs Sent – Number of valid LACPDUs transmitted from this channel group. LACPDUs Received – Number of valid LACPDUs received by this channel group.
  • Page 199: Displaying Lacp Settings And Status For The Local Side

    CLI – The following example displays LACP counters for port channel 1. Console#show lacp 1 counters 4-212 Port channel: 1 ------------------------------------------------------------------- Eth 1/ 2 ------------------------------------------------------------------- LACPDUs Sent: LACPDUs Receive: Marker Sent: Marker Receive: LACPDUs Unknown Pkts: 0 LACPDUs Illegal Pkts: 0 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation.
  • Page 200 Table 3-9 LACP Internal Configuration Information (Continued): LACP Port Priority – LACP port priority assigned to this interface within the channel group. Admin State, Oper State – Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state;...
  • Page 201: Figure 3-59 Lacp - Port Internal Information

    Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-59 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Console#show lacp 1 internal 4-212 Port channel: 1...
  • Page 202: Displaying Lacp Settings And Status For The Remote Side

    Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 3-10 LACP Neighbor Configuration Information: Partner Admin System – LAG partner’s system ID assigned by the user.
  • Page 203: Figure 3-60 Lacp - Port Neighbors Information

    Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-60 LACP - Port Neighbors Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Console#show lacp 1 neighbors 4-212 Port channel 1 neighbors...
  • Page 204: Setting Broadcast Storm Thresholds

    Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt.
  • Page 205: Figure 3-61 Port Broadcast Control

    Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the threshold, and click Apply. Figure 3-61 Port Broadcast Control CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 packets per second for port 2.
  • Page 206: Configuring Port Mirroring

    Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. (Figure labels: Source port, Single target port.)
  • Page 207: Figure 3-62 Mirror Port Configuration

    Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add. Figure 3-62 Mirror Port Configuration CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port.
  • Page 208: Configuring Rate Limits

    Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch.
  • Page 209: Showing Port Statistics

    Web - Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Set the Input Rate Limit Status or Output Rate Limit Status, then set the rate limit for the individual interfaces, and click Apply. Figure 3-63 Rate Limit Configuration CLI - This example sets the rate limit for input and output traffic passing through port 1 to 600 Mbps.
  • Page 210: Table 3-11 Port Statistics

    since the last system reboot, and are shown as counts per second. Statistics are refreshed every 60 seconds by default. Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as HP OpenView. Table 3-11 Port Statistics (Parameter – Description)...
  • Page 211 Table 3-11 Port Statistics (Continued): Transmit Multicast Packets – The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sub-layer, including those that were discarded or not sent. Transmit Broadcast Packets – The total number of packets that higher-level protocols...
  • Page 212 Table 3-11 Port Statistics (Continued): Multiple Collision Frames – A count of successfully transmitted frames for which transmission is inhibited by more than one collision. Carrier Sense Errors – The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame.
  • Page 213 Table 3-11 Port Statistics (Continued): Multicast Frames – The total number of good frames received that were directed to this multicast address. CRC/Alignment Errors – The number of CRC/alignment errors (FCS or alignment errors). Undersize Frames – The total number of frames received that were less than 64 octets long (excluding framing bits, but including FCS octets) and were otherwise well formed.
  • Page 214: Figure 3-64 Port Statistics

    Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-64 Port Statistics
  • Page 215: Address Table Settings

    CLI – This example shows statistics for port 12. Console#show interfaces counters ethernet 1/12 4-197 Ethernet 1/12 Iftable stats: Octets input: 868453, Octets output: 3492122 Unicast input: 7315, Unitcast output: 6658 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, QLen output: 0 Extended iftable stats:...
  • Page 216: Figure 3-65 Static Addresses

    Command Attributes • Static Address Counts – The number of manually configured addresses. • Current Static Address Table – Lists all the static addresses. • Interface – Port or trunk associated with the device assigned a static address.
  • Page 217: Displaying The Address Table

    Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address are forwarded directly to the associated port.
  • Page 218: Figure 3-66 Dynamic Addresses

    Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. Figure 3-66 Dynamic Addresses CLI – This example also displays the address table entries for port 1. Console#show mac-address-table interface ethernet 1/1 4-219 Interface Mac Address...
  • Page 219: Changing The Aging Time

    Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the aging function. • Aging Time – The time after which a learned entry is discarded. (Range: 10-1000000 seconds;...
  • Page 220 The spanning tree algorithms supported by this switch include these versions: • STP – Spanning Tree Protocol (IEEE 802.1D) • RSTP – Rapid Spanning Tree Protocol (IEEE 802.1w) • MSTP – Multiple Spanning Tree Protocol (IEEE 802.1s) STA uses a distributed algorithm to select a bridging device (STA-compliant switch, bridge or router) that serves as the root of the spanning tree network.
  • Page 221: Displaying Global Settings

    start learning, predefining an alternate route that can be used when a node or port fails, and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs. When using STP or RSTP, it may be difficult to maintain a stable path between all VLAN members.
  • Page 222 • Hello Time – Interval (in seconds) at which the root device transmits a configuration message. • Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
  • Page 223 have the same priority, the device with the lowest MAC address will then become the root device. • Root Hello Time – Interval (in seconds) at which this device transmits a configuration message. • Root Maximum Age – The maximum time (in seconds) this device can wait without receiving a configuration message before attempting to reconfigure.
  • Page 224: Figure 3-68 Sta Information

    Web – Click Spanning Tree, STA, Information. Figure 3-68 STA Information CLI – This command displays global STA settings, followed by settings for each port. Console#show spanning-tree 4-243 Spanning-tree information --------------------------------------------------------------- Spanning tree mode: MSTP Spanning tree enable/disable: enable Instance: Vlans configuration:...
  • Page 225: Configuring Global Settings

    --------------------------------------------------------------- 1/ 1 information --------------------------------------------------------------- Admin status: enabled Role: disable State: discarding External admin path cost: 10000 Internal admin cost: 10000 External oper path cost: 10000 Internal oper path cost: 10000 Priority: Designated cost: 300000 Designated port: 128.1 Designated root: 32768.0000E8AAAA00...
  • Page 226 • Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits, as described below: - STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.
  • Page 227 - RSTP: Rapid Spanning Tree (IEEE 802.1w); RSTP is the default. - MSTP: Multiple Spanning Tree (IEEE 802.1s) • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device.
  • Page 228 port needs time to listen for conflicting information that would make it return to a discarding state; otherwise, temporary data loops might result. - Default: 15 - Minimum: The higher of 4 or [(Max. Message Age / 2) + 1] - Maximum: 30 Configuration Settings for RSTP The following attributes apply to both RSTP and MSTP:...
  • Page 229: Figure 3-69 Sta Global Configuration

    Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-69 STA Global Configuration
  • Page 230: Displaying Interface Settings

    CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. Console(config)#spanning-tree 4-222 Console(config)#spanning-tree mode mstp 4-223 Console(config)#spanning-tree priority 40000 4-227 Console(config)#spanning-tree hello-time 5 4-226 Console(config)#spanning-tree max-age 38 4-226 Console(config)#spanning-tree forward-time 20 4-225...
  • Page 231 - If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other is discarding. - All ports are discarding when the switch is booted, then some of them change state to learning, and then to forwarding.
  • Page 232 Port roles: R: Root Port; A: Alternate Port; D: Designated Port; B: Backup Port. Alternate port receives more useful BPDUs from another bridge and is therefore not selected as the designated port. Backup port receives more useful BPDUs from the same bridge and is therefore not selected as the designated port.
  • Page 233: Figure 3-70 Sta Port Information

    • Designated root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. • Fast forwarding – This field provides the same information as Admin Edge port, and is only included for backward compatibility with earlier products.
  • Page 234: Configuring Interface Settings

    CLI – This example shows the STA attributes for port 5. Console#show spanning-tree ethernet 1/5 4-243 1/ 5 information -------------------------------------------------------------- Admin status: enabled Role: disable State: discarding External admin path cost: 10000 Internal admin cost: 10000 External oper path cost: 10000 Internal oper path cost: 10000...
  • Page 235 - Learning - Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins learning addresses. - Forwarding - Port forwards packets, and continues learning addresses.
  • Page 236 • Range – - Ethernet: 200,000-20,000,000 - Fast Ethernet: 20,000-2,000,000 - Gigabit Ethernet: 2,000-200,000 - 10 Gigabit Ethernet: 200-20,000 • Default – - Ethernet – Half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 - Fast Ethernet – Half duplex: 200,000; full duplex: 100,000; trunk: 50,000 - Gigabit Ethernet –...
  • Page 237: Configuring Multiple Spanning Trees

    re-check the appropriate BPDU format (RSTP or STP-compatible) to send on the selected interfaces. (Default: Disabled) Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-71 STA Port Configuration CLI –...
  • Page 238 (page 3-164) with the same set of instances, and the same instance (on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a single node, connecting all regions to the Common Spanning Tree.
  • Page 239: Figure 3-72 Mstp Vlan Configuration

    Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priority, and click Apply. To add the VLAN members to an MSTI instance, enter the instance identifier, the VLAN identifier, and click Add. Figure 3-72 MSTP VLAN Configuration
  • Page 240: Each Port

    CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-tree mst 1 4-243 Spanning-tree information --------------------------------------------------------------- Spanning tree mode: MSTP Spanning tree enabled/disabled: enabled Instance: VLANs configuration: Priority: 32768 Bridge Hello Time (sec.): Bridge Max Age (sec.): Bridge Forward Delay (sec.): Root Hello Time (sec.):...
  • Page 241: Displaying Interface Settings For Mstp

    CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Console(config)#spanning-tree mst-configuration 4-229 Console(config-mst)#mst 1 priority 4096 4-231 Console(config-mstp)#mst 1 vlan 1-5 4-230 Console(config-mst)# Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance.
  • Page 242 CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST (page 3-157), the settings for other instances only apply to the local spanning tree.
  • Page 243: Configuring Interface Settings For Mstp

    Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages. Field Attributes The following attributes are read-only and cannot be changed: •...
  • Page 244: Figure 3-74 Mstp Port Configuration

    • Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.) Note that when the Path Cost Method is set to short (page 3-161), the maximum path cost is 65,535.
  • Page 245: Vlan Configuration

    CLI – This example sets the MSTP attributes for port 4. Console(config)#interface ethernet 1/4 4-187 Console(config-if)#spanning-tree mst port-priority 0 4-241 Console(config-if)#spanning-tree mst cost 50 4-240 Console(config-if) VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains.
  • Page 246: Assigning Ports To Vlans

    This switch supports the following VLAN features: • Up to 255 VLANs based on the IEEE 802.1Q standard • Distributed VLAN learning across multiple switches using explicit or implicit tagging and GVRP protocol • Port overlapping, allowing a port to participate in multiple VLANs •...
  • Page 247 VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port).
  • Page 248 To implement GVRP in a network, first add the host devices to the required VLANs (using the operating system or other application software), so that these VLANs can be propagated onto the network. For both the edge switches attached directly to these hosts, and core switches in the network, enable GVRP on the links between these devices.
  • Page 249: Enabling Or Disabling Gvrp (Global Setting)

    VLAN-aware devices, the switch should include VLAN tags. When forwarding a frame from this switch along a path that does not contain any VLAN-aware devices (including the destination host), the switch must first strip off the VLAN tag before forwarding the frame. When the switch receives a tagged frame, it will pass this frame onto the VLAN(s) indicated by the frame tag.
  • Page 250: Displaying Basic Vlan Information

    Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch. Field Attributes • VLAN Version Number – The VLAN version used by this switch as specified in the IEEE 802.1Q standard. •...
  • Page 251: Displaying Current Vlans

    Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging.
  • Page 252: Creating Vlans

    Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4093, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry. •...
  • Page 253: Figure 3-78 Vlan Static List - Creating Vlans

    Command Attributes • Current – Lists all the current VLAN groups created for this system. Up to 255 VLAN groups can be defined. VLAN 1 is the default untagged VLAN. • New – Allows you to specify the name and numeric identifier for a new VLAN group.
  • Page 254: Adding Static Members To Vlans (Vlan Index)

    CLI – This example creates a new VLAN. Console(config)#vlan database 4-246 Console(config-vlan)#vlan 2 name R&D media ethernet state active 4-247 Console(config-vlan)#end Console#show vlan 4-256 VLAN ID: Type: Static Name: DefaultVlan Status: Active Ports/Port Channels: Eth1/ 1(S) Eth1/ 2(S) Eth1/ 3(S) Eth1/ 4(S) Eth1/ 5(S) Eth1/ 6(S) Eth1/ 7(S) Eth1/ 8(S) Eth1/ 9(S) Eth1/10(S) Eth1/11(S) Eth1/12(S) Eth1/13(S) Eth1/14(S) Eth1/15(S) Eth1/16(S) Eth1/17(S) Eth1/18(S) Eth1/19(S) Eth1/20(S)
  • Page 255 Command Attributes • VLAN – ID of configured VLAN (1-4093). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets. •...
  • Page 256: Figure 3-79 Vlan Static Table - Adding Static Members

    Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks.
  • Page 257: Adding Static Members To Vlans (Port Index)

    Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier. • Member – VLANs for which the selected interface is a tagged member. •...
  • Page 258: Configuring Vlan Behavior For Interfaces

    Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
  • Page 259 all other ports (except for those VLANs explicitly forbidden on this port). - If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be discarded. - Ingress filtering does not affect VLAN independent BPDU frames, such as GVRP or STP.
  • Page 260: Figure 3-81 Vlan Port Configuration

    - Hybrid – Specifies a hybrid VLAN interface. The port may transmit tagged or untagged frames. • Trunk Member – Indicates if a port is a member of a trunk. To add a trunk to the selected VLAN, use the last table on the VLAN Static Table page.
  • Page 261: Configuring Private Vlans

    Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.) (Figure labels: Uplink Ports (promiscuous ports), Downlink Ports...)
  • Page 262: Configuring Uplink And Downlink Ports

    Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other ports on the switch and with any designated downlink ports.
  • Page 263: Configuring Protocol-Based Vlans

    Configuring Protocol-Based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol. This kind of configuration deprives users of the basic benefits of VLANs, including security and easy accessibility.
  • Page 264: Configuring Protocol Groups

    Configuring Protocol Groups Create a protocol group for one or more protocols. Command Attributes • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • Frame Type – Frame type used by this protocol. (Options: Ethernet, RFC_1042, LLC_other) •...
  • Page 265: Mapping Protocols To Vlans

    Mapping Protocols to VLANs Map a protocol group to a VLAN for each interface that will participate in the group. Command Usage • When creating a protocol-based VLAN, only assign interfaces using this configuration screen. If you assign interfaces using any of the other VLAN menus such as the VLAN Static Table (page 3-190) or VLAN Static Membership by Port menu (page 3-193), these interfaces will admit traffic of any protocol type into the associated VLAN.
  • Page 266: Figure 3-85 Protocol Vlan Port Configuration

    Web – Click VLAN, Protocol VLAN, Port Configuration. Select a port or trunk, enter a protocol group ID and the corresponding VLAN ID, and click Apply. Figure 3-85 Protocol VLAN Port Configuration CLI – The following maps the traffic entering port 1 that matches the protocol type specified in protocol group 1 to VLAN 3.
  • Page 267: Class Of Service Configuration

    Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port.
  • Page 268: Figure 3-86 Default Port Priority

    • Number of Egress Traffic Classes – The number of queue buffers provided for each port. Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-86 Default Port Priority CLI –...
  • Page 269: Mapping Cos Values To Egress Queues

    Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p.
  • Page 270: Figure 3-87 Traffic Classes

    Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 3-87 Traffic Classes CLI – The following example shows how to change the CoS assignments to a one-to-one mapping. Console(config)#interface ethernet 1/1 4-187 Console(config)#queue cos-map 0 0...
  • Page 271: Selecting The Queue Mode

    Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
  • Page 272: Setting The Service Weight For Traffic Classes

    Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in “Mapping CoS Values to Egress Queues” on page 3-205, the traffic classes are mapped to one of the eight egress queues provided for each port.
  • Page 273: Layer 3/4 Priority Settings

    CLI – The following example shows how to assign WRR weights to each of the priority queues. Console(config)#queue bandwidth 1 3 5 7 9 11 13 15 4-272 Console(config)#exit Console#show queue bandwidth 4-275 Information of Eth 1/1 Queue ID Weight --------...
  • Page 274: Selecting Ip Precedence/Dscp Priority

    Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services. (This is the default setting.) •...
  • Page 275: Table 3-14 Mapping Ip Precedence

    Table 3-14 Mapping IP Precedence (Priority Level – Traffic Type): 7 – Network Control; 6 – Internetwork Control; 5 – Critical; 4 – Flash Override; 3 – Flash; 2 – Immediate; 1 – Priority; 0 – Routine. Command Attributes • IP Precedence Priority Table – Shows the IP Precedence to CoS map. •...
  • Page 276: Mapping Dscp Priority

    CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings. Console(config)#map ip precedence 4-278 Console(config)#interface ethernet 1/1 4-187 Console(config-if)#map ip precedence 1 cos 0 4-278...
  • Page 277: Table 3-15 Mapping Dscp Priority

    Table 3-15 Mapping DSCP Priority IP DSCP Value CoS Value 10, 12, 14, 16 18, 20, 22, 24 26, 28, 30, 32, 34, 36 38, 40, 42 46, 56 Command Attributes • DSCP Priority Table – Shows the DSCP Priority to CoS map. •...
  • Page 278: Mapping Ip Port Priority

    CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings. Console(config)#map ip dscp 4-279 Console(config)#interface ethernet 1/1 4-187 Console(config-if)#map ip dscp 1 cos 0 4-280...
  • Page 279: Figure 3-93 Ip Port Priority Status

    Web – Click Priority, IP Port Status. Set IP Port Priority Status to Enabled. Figure 3-93 IP Port Priority Status Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply.
  • Page 280: Quality Of Service

    CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS value 0, and then displays the IP Port Priority settings. Console(config)#map ip port 4-276 Console(config)#interface ethernet 1/1 4-187 Console(config-if)#map ip port 80 cos 0 4-277...
  • Page 281: Configuring Quality Of Service Parameters

    Switches and routers along the path can use class information to prioritize the resources allocated to different traffic classes. The manner in which an individual device handles traffic in the DiffServ architecture is called per-hop behavior. All devices along a path should be configured in a consistent manner to construct a consistent end-to-end QoS solution.
  • Page 282: Configuring A Class Map

    Configuring a Class Map A class map is used for matching packets to a specified class. Command Usage • To configure a Class Map, follow these steps: - Open the Class Map page, and click Add Class. - When the Class Configuration page opens, fill in the “Class Name”...
  • Page 283 • Remove Class – Removes the selected class. Class Configuration • Class Name – Name of the class map. (Range: 1-32 characters) • Type – Only one match command is permitted per class map, so the match-any field refers to the criteria specified by the lone match command.
  • Page 284: Figure 3-95 Configuring Class Maps

    Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class. Figure 3-95 Configuring Class Maps 3-220...
  • Page 285: Creating Qos Policies

    CLI - This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service value 3. Console(config)#class-map rd_class match-any 4-286 Console(config-cmap)#match ip dscp 3 4-287 Console(config-cmap)#exit Console(config)#access-list ip mask-precedence in 4-117 Console(config-ip-mask-acl)#mask any any dscp 4-123 Console(config-ip-mask-acl)#...
  • Page 286 • After using the policy map to define packet classification, service tagging, and bandwidth policing, it must be assigned to a specific interface by a service policy (page 3-225) to take effect. Command Attributes Policy Map • Modify Name and Description – Configures the name and a brief description of a policy map.
  • Page 287 • Exceed Action – Specifies whether the traffic that exceeds the specified rate will be dropped or the DSCP service level will be reduced. • Remove Class – Deletes a class. - Policy Options - • Class Name – Name of class map. •...
  • Page 288: Figure 3-96 Configuring Policy Maps

    Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes. Figure 3-96 Configuring Policy Maps 3-224...
  • Page 289: Attaching A Policy Map To Ingress Queues

    CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0. Console(config)#policy-map rd_policy#3 4-289 Console(config-pmap)#class rd_class#3 4-290...
  • Page 290: Multicast Filtering

    Web – Click QoS, DiffServ, Service Policy Settings. Check Enabled and choose a Policy Map for a port from the scroll-down box, then click Apply. Figure 3-97 Service Policy Settings CLI - This example applies a service policy to an ingress interface. Console(config)#interface ethernet 1/5 4-187 Console(config-if)#service-policy input rd_policy#3...
  • Page 291: Layer 2 Igmp (Snooping And Query)

    pruned at every multicast switch/router it passes through to ensure that traffic is only passed on to the hosts which subscribed to this service. This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting to join the service and sends data out to those ports only.
  • Page 292: Configuring Igmp Snooping And Query Parameters

    Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly disrupting network performance.
  • Page 293: Figure 3-98 Igmp Configuration

    • IGMP Query Count — Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group. (Range: 2-10, Default: 2) • IGMP Query Interval — Sets the frequency at which the switch sends IGMP host-query messages.
  • Page 294: Displaying Interfaces Attached To A Multicast Router

    CLI – This example modifies the settings for multicast filtering, and then displays the current status. Console(config)#ip igmp snooping 4-297 Console(config)#ip igmp snooping querier 4-301 Console(config)#ip igmp snooping query-count 10 4-301 Console(config)#ip igmp snooping query-interval 100 4-302 Console(config)#ip igmp snooping query-max-response-time 20 4-303 Console(config)#ip igmp snooping query-time-out 300...
  • Page 295: Specifying Static Interfaces For A Multicast Router

    Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to display the associated multicast routers. Figure 3-99 Multicast Router Port Information CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router.
  • Page 296: Displaying Port Members Of Multicast Services

    • Unit – Stack unit. (Range: 1-8) • Port or Trunk – Specifies the interface attached to a multicast router. Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add.
  • Page 297: Assigning Ports To Multicast Services

    Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. Figure 3-101 IP Multicast Registration Table CLI –...
  • Page 298: Figure 3-102 Igmp Member Port Table

    Command Usage • Static multicast addresses are never aged out. • When a multicast address is assigned to an interface in a specific VLAN, the corresponding traffic can only be forwarded to ports within that VLAN. Command Attribute •...
  • Page 299: Configuring Domain Name Service

    CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1. Console(config)#ip igmp snooping vlan 1 static 224.1.1.12 ethernet 1/12 4-297 Console(config)#exit Console#show mac-address-table multicast vlan 1 4-299 VLAN M'cast IP addr.
  • Page 300 • When an incomplete host name is received by the DNS server on this switch and a domain name list has been specified, the switch will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match.
  • Page 301: Figure 3-103 Dns General Configuration

    Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply. Figure 3-103 DNS General Configuration 3-237...
  • Page 302: Configuring Static Dns Host To Address Entries

    CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used. Console(config)#ip domain-name sample.com 4-179 Console(config)#ip domain-list sample.com.uk 4-180 Console(config)#ip domain-list sample.com.jp Console(config)#ip domain-server 192.168.1.55 10.1.0.55 4-181...
  • Page 303: Figure 3-104 Dns Static Host Table

    Field Attributes • Host Name – Name of a host device that is mapped to one or more IP addresses. (Range: 1-64 characters) • IP Address – Internet address(es) associated with a host name. (Range: 1-8 addresses) •...
  • Page 304: Displaying The Dns Cache

    CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Console(config)#ip host rd5 192.168.1.55 10.1.0.55 4-178 Console(config)#ip host rd6 10.1.0.55 Console#show host 4-183 Hostname Inet address 10.1.0.55 192.168.1.55 Alias 1.rd6...
  • Page 305: Figure 3-105 Dns Cache

    Web – Select DNS, Cache. Figure 3-105 DNS Cache CLI - This example displays all the resource records learned from the designated name servers. Console#show dns cache 4-184 FLAG TYPE DOMAIN CNAME 207.46.134.222 www.microsoft.akadns.net CNAME 207.46.134.190 www.microsoft.akadns.net CNAME 207.46.134.155 www.microsoft.akadns.net...
  • Page 306: Dynamic Host Configuration Protocol

    Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients when they boot up. If a subnet does not already include a BOOTP or DHCP server, you can relay DHCP client requests to a DHCP server on another subnet, or configure the DHCP server on this switch to support that subnet.
  • Page 307: Figure 3-106 Dhcp Relay Configuration

    Command Usage You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP relay agent will not forward client requests to a DHCP server. Command Attributes • VLAN ID – ID of configured VLAN. •...
  • Page 308: Configuring The Dhcp Server

    Configuring the DHCP Server This switch includes a Dynamic Host Configuration Protocol (DHCP) server that can assign temporary IP addresses to any attached host requesting service. It can also provide other network settings such as the domain name, default gateway, Domain Name Servers (DNS), Windows Internet Naming Service (WINS) name servers, or information on the bootup file for the host device to download.
  • Page 309: Enabling The Server, Setting Excluded Addresses

    Enabling the Server, Setting Excluded Addresses Enable the DHCP Server and specify the IP addresses that it should not assign to clients. Command Attributes • DHCP Server – Enables or disables the DHCP server on this switch. (Default: Disabled) •...
  • Page 310: Configuring Address Pools

    CLI – This example enables the DHCP server and sets an excluded address range. Console(config)#service dhcp 4-162 Console(config)#ip dhcp excluded-address 10.1.0.250 10.1.0.254 4-163 Console# Configuring Address Pools You must configure IP address pools for each IP interface that will provide addresses to attached clients via the DHCP server.
  • Page 311 • If the subnet mask is not specified for network or host address pools, the class A, B, or C natural mask is used (see page 3-295). The DHCP server assumes that all host addresses are available. You can exclude subsets of the address space by using the IP Excluded Address field on the DHCP Server General configuration page.
  • Page 312: Figure 3-108 Dhcp Server Pool Configuration

    • Netbios Type – NetBIOS node type for Microsoft DHCP clients. (Options: Broadcast, Hybrid, Mixed, Peer to Peer; Default: Hybrid) • Domain Name – The domain name of the client. (Range: 1-32 characters) • Bootfile – The default boot image for a DHCP client. This file should be placed on the Trivial File Transfer Protocol (TFTP) server specified as the Next Server.
  • Page 313: Figure 3-109 Dhcp Server Pool - Network Configuration

    Configuring a Network Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Network.” Enter the IP address and subnet mask for the network pool. Configure the optional parameters such as gateway server and DNS server.
  • Page 314 CLI – This example configures a network address pool. Console(config)#ip dhcp pool tps 4-163 Console(config-dhcp)#network 10.1.0.0 255.255.255.0 4-164 Console(config-dhcp)#default-router 10.1.0.253 4-165 Console(config-dhcp)#dns-server 10.2.3.4 4-167 Console(config-dhcp)#netbios-name-server 10.1.0.33 4-169 Console(config-dhcp)#netbios-node-type hybrid 4-170 Console(config-dhcp)#domain-name example.com 4-166 Console(config-dhcp)#bootfile wme.bat 4-168 Console(config-dhcp)#next-server 10.1.0.21 4-167 Console(config-dhcp)#lease infinite 4-171...
  • Page 315: Figure 3-110 Dhcp Server Pool - Host Configuration

    Configuring a Host Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Host.” Enter the IP address, subnet mask, and hardware address for the client device. Configure the optional parameters such as gateway server and DNS server.
  • Page 316: Displaying Address Bindings

    CLI – This example configures a host address pool. Console(config)#ip dhcp pool mgr 4-163 Console(config-dhcp)#host 10.1.0.19 255.255.255.0 4-172 Console(config-dhcp)#hardware-address 00-e0-29-94-34-28 ethernet 4-174 Console(config-dhcp)#client-identifier text bear 4-173 Console(config-dhcp)#default-router 10.1.0.253 4-165 Console(config-dhcp)#dns-server 10.2.3.4 4-167 Console(config-dhcp)#netbios-name-server 10.1.0.33 4-169 Console(config-dhcp)#netbios-node-type hybrid 4-170 Console(config-dhcp)#domain-name example.com 4-166...
  • Page 317: Figure 3-111 Dhcp Server - Ip Binding

    Web – Click DHCP, Server, IP Binding. You may use the Delete button to clear an address from the DHCP server’s database. Figure 3-111 DHCP Server - IP Binding CLI – This example displays the current binding, and then clears all automatic binding.
  • Page 318: Configuring Router Redundancy

    Configuring Router Redundancy Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load.
  • Page 319 • Several virtual master routers using the same set of backup routers. Master Router Backup Router VRID 23 IP(R1) = 192.168.1.3 IP(VR23) = 192.168.1.3 VRID 23 VR Priority = 255 IP(R3) = 192.168.1.4 IP(VR23) = 192.168.1.3 Master Router VR Priority = 100 VRID 25 IP(R3) = 192.168.2.18...
  • Page 320: Virtual Router Redundancy Protocol

    Virtual Router Redundancy Protocol Virtual Router Redundancy Protocol (VRRP) allows you to configure a group of routers as a single virtual router. The virtual router group is configured with a single virtual IP address that can be used as the default gateway for host devices on the attached network.
  • Page 321 Virtual Router Priority – • The Owner of the virtual IP address is automatically assigned the highest possible virtual router priority of 255. The backup router with the highest priority will become the master router if the current master fails. However, because the priority of the virtual IP address Owner is the highest, the original master router will always become the active master router when it recovers.
  • Page 322 • Preemption – Shows if this router is allowed to preempt the acting master. • Priority – Priority of this router in the VRRP group. • AuthType – Authentication mode used to verify VRRP packets from other routers. Command Attributes (VRRP Group Configuration Detail) •...
  • Page 323 • Priority – The priority of this router in a VRRP group. (Range: 1-254; Default: 100) - The priority for the VRRP group address owner is automatically set to 255. - The priority for backup routers is used to determine which router will take over as the acting master router if the current master fails.
  • Page 324: Figure 3-112 Vrrp Group Configuration

    Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add. Figure 3-112 VRRP Group Configuration 3-260...
  • Page 325: Figure 3-113 Vrrp Group Configuration Detail

    Click the Edit button for a group entry to open the detailed configuration window. Enter the IP address of a real interface on this router to make it the master virtual router for the group. Otherwise, enter the virtual address for an existing group to make it a backup router.
  • Page 326: Displaying Vrrp Global Statistics

    CLI – This example creates VRRP group 1, sets this switch as the master virtual router by assigning the primary interface address for the selected VLAN to the virtual IP address. It then adds a secondary IP address to the VRRP group, sets all of the other VRRP parameters, and then displays the configured settings.
  • Page 327: Displaying Vrrp Group Statistics

    Web – Click IP, VRRP, Global Statistics. Figure 3-114 VRRP Global Statistics CLI – This example displays counters for protocol errors for all the VRRP groups configured on this switch. Console#show vrrp router counters 4-390 VRRP Packets with Invalid Checksum : 0 VRRP Packets with Unknown Error VRRP Packets with Invalid VRID Console#...
  • Page 328: Figure 3-115 Vrrp Group Statistics

    • Error IP TTL Packets – Number of VRRP packets received by the virtual router with IP TTL (Time-To-Live) not equal to 255. • Received Priority 0 Packets – Number of VRRP packets received by the virtual router with priority set to 0. •...
  • Page 329: Ip Routing

    CLI – This example displays VRRP protocol statistics for group 1, VLAN 1. Console#show vrrp 1 interface vlan 1 counters 4-391 Total Number of Times Transitioned to MASTER Total Number of Received Advertisements Packets Total Number of Received Error Advertisement Interval Packets Total Number of Received Authentication Failures Packets Total Number of Received Error IP TTL VRRP Packets Total Number of Received Priority 0 VRRP Packets...
  • Page 330: Ip Switching

    Each VLAN represents a virtual interface to Layer 3. You just need to provide the network address for each virtual interface, and the traffic between different subnetworks will be routed by Layer 3 switching. Inter-subnet traffic (Layer 3 switching) Routing Untagged Untagged...
  • Page 331 If the destination node is on the same subnetwork as the source network, then the packet can be transmitted directly without the help of a router. However, if the MAC address is not yet known to the switch, an Address Resolution Protocol (ARP) packet with the destination IP address is broadcast to get the destination MAC address from the destination node.
  • Page 332: Routing Path Management

    When another packet destined to the same node arrives, the destination MAC can be retrieved directly from the Layer 3 address table; the packet is then reformatted and sent out the destination port. IP switching can be done at wire-speed when the destination address entry is already in the Layer 3 address table.
  • Page 333: Basic Ip Interface Configuration

    rough estimate of transmission cost. Each router broadcasts its advertisement every 30 seconds, together with any updates to its routing table. This allows all routers on the network to learn consistent tables of next hop links which lead to relevant subnets. OSPFv2 Dynamic Routing Protocol OSPF overcomes all the problems of RIP.
  • Page 334: Figure 3-116 Ip Global Settings

    Command Attributes • IP Routing Status – Configures the switch to operate as a Layer 2 switch or as a multilayer routing switch. (Options: Disable this field to restrict operation to Layer 2 switching; enable it to allow multilayer operation at either Layer 2 or 3 as required.) - This command affects both static and dynamic unicast routing.
  • Page 335: Configuring Ip Routing Interfaces

    CLI - This example enables IP routing, and sets the default gateway. Console(config)#ip routing 4-318 Console(config)#ip route default 10.1.0.254 4-319 Configuring IP Routing Interfaces You can specify the IP subnets connected to this router by manually assigning an IP address to each VLAN, or by using the RIP or OSPF dynamic routing protocol to identify routes that lead to other interfaces by exchanging protocol messages with other routers on the network.
  • Page 336: Figure 3-117 Ip Routing Interface

    IP address. An interface can have only one primary IP address, but can have multiple secondary IP addresses. In other words, you will need to specify secondary addresses if more than one IP subnet can be accessed via this interface. - If DHCP/BOOTP is enabled, IP will not function until a reply has been received from the address server.
  • Page 337: Address Resolution Protocol

    CLI - This example sets a primary IP address for VLAN 1, and then adds a secondary IP address for a different subnet also attached to this router interface. Console(config)#interface vlan 1 Console(config-if)#ip address 10.1.0.253 255.255.255.0 4-308 Console(config-if)#ip address 10.1.9.253 255.255.255.0 secondary Console(config-if)# Address Resolution Protocol...
  • Page 338: Proxy Arp

    address field and send the message back to the source hardware address. When the source device receives a reply, it writes the destination IP address and corresponding MAC address into its cache, and forwards the IP traffic on to the next hop. As long as this entry has not timed out, the router will be able to forward traffic directly to the next hop for this destination without having to broadcast another ARP request.
  • Page 339: Figure 3-118 Arp General

    • End stations that require Proxy ARP must view the entire network as a single network. These nodes must therefore use a smaller subnet mask than that used by the router or other relevant network devices. • Extensive use of Proxy ARP can degrade router performance because it may lead to increased ARP traffic and increased search time for larger ARP address tables.
  • Page 340: Configuring Static Arp Addresses

    CLI - This example sets the ARP cache timeout to 15 minutes (i.e., 900 seconds), and enables Proxy ARP for VLAN 3. Console(config)#arp-timeout 900 4-315 Console(config)#interface vlan 3 4-187 Console(config-if)#ip proxy-arp 4-316 Console(config-if)# Configuring Static ARP Addresses For devices that do not respond to ARP requests, traffic will be dropped because the IP address cannot be mapped to a physical address.
  • Page 341: Displaying Dynamically Learned Arp Entries

    Web - Click IP, ARP, Static Addresses. Enter the IP address, the corresponding MAC address, and click Apply. Figure 3-119 ARP Static Addresses CLI - This example sets a static entry for the ARP cache. Console(config)#arp 10.1.0.11 00-11-22-33-44-55 4-314 Console(config)# Displaying Dynamically Learned ARP Entries...
  • Page 342: Figure 3-120 Arp Dynamic Addresses

    • Clear All – Deletes all dynamic entries from the ARP cache. • Entry Count – The number of dynamic entries in the ARP cache. Web - Click IP, ARP, Dynamic Addresses. You can use the buttons provided to change a dynamic entry to a static entry, or to clear all dynamic entries in the cache.
  • Page 343: Displaying Local Arp Entries

    Displaying Local ARP Entries The ARP cache also contains entries for local interfaces, including subnet, host, and broadcast addresses. Command Attributes • IP Address – IP address of a local entry in the cache. • MAC Address – MAC address mapped to the corresponding IP address.
  • Page 344: Displaying Arp Statistics

    CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP cache. Console#show arp 4-316 Arp cache timeout: 1200 (seconds) IP Address MAC Address Type Interface --------------- ----------------- --------- ----------- 10.1.0.0 ff-ff-ff-ff-ff-ff other 10.1.0.11 00-11-22-33-44-55 static...
  • Page 345 CLI - This example provides detailed statistics on common IP-related protocols. Console#show ip traffic 4-323 IP statistics: Rcvd: 5 total, 5 local destination 0 checksum errors 0 unknown protocol, 0 not a gateway Frags: 0 reassembled, 0 timeouts 0 fragmented, 0 couldn't fragment Sent: 9 generated...
  • Page 346: Displaying Statistics For Ip Protocols

    Displaying Statistics for IP Protocols IP Statistics The Internet Protocol (IP) provides a mechanism for transmitting blocks of data (often called packets or frames) from a source to a destination, where these network devices (i.e., hosts) are identified by fixed length addresses.
  • Page 347 Table 3-18 IP Statistics (Continued) Parameter Description Reassembly Failures The number of failures detected by the IP re-assembly algorithm (for whatever reason: timed out, errors, etc.). Datagrams Failing Fragmentation The number of datagrams that have been discarded because they needed to be fragmented at this entity but could not be, e.g., because their “Don't Fragment”...
  • Page 348: Icmp Statistics

    Web - Click IP, Statistics, IP. Figure 3-123 IP Statistics CLI - See the example on page 3-280. ICMP Statistics Internet Control Message Protocol (ICMP) is a network layer protocol that transmits message packets to report errors in processing IP packets. ICMP is therefore an integral part of the Internet Protocol.
  • Page 349: Table 3-19 Icmp Statistics

    Table 3-19 ICMP Statistics Parameter Description Messages The total number of ICMP messages which the entity received/sent. Errors The number of ICMP messages which the entity received/sent but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.).
  • Page 350: Figure 3-124 Icmp Statistics

    Web - Click IP, Statistics, ICMP. Figure 3-124 ICMP Statistics CLI - See the example on page 3-280. 3-286...
  • Page 351: Udp Statistics

    UDP Statistics User Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying transport mechanism, providing access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets.
  • Page 352: Tcp Statistics

    TCP Statistics The Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched networks, and is used in conjunction with IP to support a wide variety of Internet protocols. Table 3-21 TCP Statistics Parameter Description Segments Received The total number of segments received, including those received in error.
  • Page 353: Configuring Static Routes

    Web - Click IP, Statistics, TCP. Figure 3-126 TCP Statistics CLI - See the example on page 3-280. Configuring Static Routes This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP or OSPF). However, you can also manually enter static routes in the routing table.
  • Page 354: Displaying The Routing Table

    Web - Click IP, Routing, Static Routes. Figure 3-127 IP Static Routes CLI - This example forwards all traffic for subnet 192.168.1.0 to the router 192.168.5.254, using the default metric of 1. Console(config)#ip route 192.168.1.0 255.255.255.0 192.168.5.254 4-319 Console(config)# Displaying the Routing Table...
  • Page 355: Figure 3-128 Ip Routing Table

    • IP Address – IP address of the destination network, subnetwork, or host. Note that the address 0.0.0.0 indicates the default gateway for this router. • Netmask – Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets.
  • Page 356: Configuring The Routing Information Protocol

    Configuring the Routing Information Protocol The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing. Routes are determined on the basis of minimizing the distance vector, or hop count, which serves as a rough estimate of transmission cost.
  • Page 357: Configuring General Protocol Settings

    • There are several serious problems with RIP that you should consider. First, RIP (version 1) has no knowledge of subnets; both RIP versions can take a long time to converge on a new route after the failure of a link or router, during which time routing loops may occur; and the small hop count limit of 15 restricts RIP to smaller networks.
  • Page 358: Figure 3-129 Rip General Settings

    Command Attributes Global Settings • RIP Routing Process – Enables RIP routing for all IP interfaces on the router. (Default: Disabled) • Global RIP Version – Specifies a RIP version used globally by the router. (Default: RIP Version 1) Timer Settings •...
  • Page 359: Specifying Network Interfaces For Rip

    CLI - This example sets the router to use RIP Version 2, and sets the basic timer to 15 seconds. Console(config)#router rip 4-325 Console(config-router)#version 2 4-328 Console(config-router)#timers basic 15 4-325 Console(config-router)#end Console#show rip globals 4-335 RIP Process: Enabled Update Time in Seconds: 15 Number of Route Change: 0 Number of Queries: 1...
  • Page 360: Configuring Network Interfaces For RIP

    Command Attributes
    • Subnet Address – IP address of a network directly connected to this router.
    Web - Click Routing Protocol, RIP, Network Addresses. Add all interfaces that will participate in RIP, and click Apply.
    Figure 3-130 RIP Network Addresses
    CLI - This example includes network interface 10.1.0.0 in the RIP routing process.
  • Page 361

    Command Usage
    Specifying Receive and Send Protocol Types
    • Setting the RIP Receive Version or Send Version for an interface overrides the global setting specified by the RIP / General Settings, Global RIP Version field.
    • You can specify the Receive Version based on these options:
    - Use “RIPv1”...
  • Page 362

    ...three methods that can provide faster convergence when the network topology changes and prevent most loops from occurring:
    • Split Horizon – Never propagate routes back to the interface from which they were acquired.
    • Poison Reverse – Propagate routes back to the interface from which they were acquired, but with the distance-vector metric set to infinity (16, one more than the maximum hop count), so that the neighbor cannot be misled into using this router as a path back to the route's source.
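To make the slow-convergence problem and the two loop-prevention methods concrete, here is an added example (not code from the SMC manual) in Python: a two-router model that applies the distance-vector update rule with infinity fixed at 16 and counts how many update rounds pass before a withdrawn network is declared unreachable with no protection, with split horizon, and with poison reverse. The router and interface names, the simultaneous-exchange model and the omission of RIP timers are assumptions made for the example.

```python
"""Distance-vector update rule with split horizon and poison reverse.
Added example, not from the SMC manual.  Two routers, R1 and R2, share link "L";
R1 also owns network "N".  Timers and triggered updates are ignored: both
routers exchange a full update once per round."""

INFINITY = 16  # RIP metric meaning "unreachable"; the maximum usable hop count is 15


def build_update(table, out_iface, mode):
    """Routes to advertise out of `out_iface`.
    table: {network: (metric, interface_learned_on)}
    mode:  "none", "split-horizon" or "poison-reverse"."""
    adv = {}
    for net, (metric, learned_on) in table.items():
        if learned_on == out_iface:
            if mode == "split-horizon":
                continue                 # never send a route back where it came from
            if mode == "poison-reverse":
                adv[net] = INFINITY      # send it back, but explicitly as unreachable
                continue
        adv[net] = metric
    return adv


def process_update(table, in_iface, adv):
    """Apply a received update (RFC 2453 section 3.9.2, simplified).  The cost of
    the incoming link is one hop; anything at or beyond INFINITY is unreachable."""
    for net, metric in adv.items():
        new = min(metric + 1, INFINITY)
        cur = table.get(net)
        if cur is None:
            if new < INFINITY:
                table[net] = (new, in_iface)     # brand-new reachable route
        elif cur[1] == in_iface:
            table[net] = (new, in_iface)         # same next hop: accept even if worse
        elif new < cur[0]:
            table[net] = (new, in_iface)         # different next hop: only if better
    return table


def rounds_until_unreachable(mode, max_rounds=50):
    """Network N goes down on R1.  Count simultaneous update rounds until both
    routers hold metric 16 for N.  Returns None if they never converge."""
    r1 = {"N": (1, "N")}          # directly connected, metric 1
    r2 = {"N": (2, "L")}          # learned from R1 over the link
    r1["N"] = (INFINITY, "N")     # the link to N fails: R1 marks it unreachable
    for rnd in range(1, max_rounds + 1):
        to_r2 = build_update(r1, "L", mode)
        to_r1 = build_update(r2, "L", mode)
        process_update(r2, "L", to_r2)
        process_update(r1, "L", to_r1)
        if r1["N"][0] == INFINITY and r2["N"][0] == INFINITY:
            return rnd
    return None


if __name__ == "__main__":
    for mode in ("none", "split-horizon", "poison-reverse"):
        print(f"{mode:15s} rounds until N is unreachable on both routers:",
              rounds_until_unreachable(mode))
```

Without protection, R2 hands R1's own withdrawn network back to R1 with metric 2, R1 re-learns it via R2 with metric 3, and the two routers alternate bumping the metric until it reaches 16; that is the count-to-infinity behaviour behind the convergence warning above, and the reason the hop-count ceiling has to be small. With either split horizon or poison reverse the withdrawal settles in a single round.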
  • Page 363

    • Send Version – The RIP version to send on an interface.
    - RIPv1: Sends only RIPv1 packets.
    - RIPv2: Sends only RIPv2 packets.
    - RIPv1 Compatible: Route information is sent in RIPv2 format but broadcast rather than multicast, so that RIPv1 routers on the segment can also receive it. (Default)
    - Do Not Send: Does not transmit RIP updates.
  • Page 364: Displaying RIP Information And Statistics

    Web - Click Routing Protocol, RIP, Interface Settings. Select the RIP protocol message types that will be received and sent, the method used to provide faster convergence and prevent routing loops (i.e., prevent instability in the network topology), and the authentication option and corresponding password.
  • Page 365: Table 3-22 RIP Information And Statistics

    Table 3-22 RIP Information and Statistics
    Parameter – Description
    Globals
    • RIP Routing Process – Indicates whether RIP has been enabled or disabled.
    • Update Time in Seconds – The interval at which RIP advertises known route information. (Default: 30 seconds)
    • Number of Route Changes – Number of times routing information has changed.
    • Number of Queries – Number of router database queries received by this router.
  • Page 366: Figure 3-132 RIP Statistics

    Web - Click Routing Protocol, RIP, Statistics.
    Figure 3-132 RIP Statistics
  • Page 367: Configuring The Open Shortest Path First Protocol

    CLI - The information displayed by the RIP Statistics screen via the web interface can be accessed from the CLI using the following commands.
    Console#show rip globals    (page 4-335)
    RIP Process: Enabled
    Update Time in Seconds: 30
    Number of Route Change: 4
    Number of Queries: 0
    Console#show ip rip configuration    (page 4-336)
    ...
  • Page 368

    [Figure: OSPF topology showing the backbone, a normal area, a stub area, an NSSA, an isolated area reached over a virtual link, ASBRs, and external networks in Autonomous Systems A and B]
    Command Usage
    • OSPF looks at more than the simple hop count. When adding the shortest path to any node into the tree, the path is chosen on the basis of per-interface link cost, which the administrator configures to reflect factors such as delay, throughput and connectivity; the metric of a route is the sum of the costs of the interfaces along it.
  • Page 369: Configuring General Protocol Settings

    • When using OSPF, you must organize your network (i.e., autonomous system) into normal, stub, or not-so-stubby areas; configure the ranges of subnet addresses that can be aggregated by link state advertisements; and configure virtual links for areas that do not have direct physical access to the OSPF backbone.
  • Page 370

    • Version Number – This router only supports OSPF Version 2.
    • Area Border Router – Indicates whether this router connects directly to networks in two or more areas. An area border router runs a separate copy of the Shortest Path First algorithm for each attached area, maintaining...
    [Figure: OSPF area types - backbone, normal area, stub, NSSA]
  • Page 371

    Default Route Information –
    • Originate Default Route – Generates a default external route into the autonomous system. Note that the AS Boundary Router field must be enabled, and the Advertise Default Route field properly configured. (Default: Disabled)
    • ...
  • Page 372: Figure 3-133 OSPF General Configuration

    Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global parameters as required, and click Apply.
    Figure 3-133 OSPF General Configuration
    CLI - This example configures the router with the same settings as shown in the screen capture for the web interface.
  • Page 373: Configuring OSPF Areas

    Configuring OSPF Areas
    An autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0. By default, all other areas are created as normal transit areas. Routers in a normal area may import or export routing information about individual nodes.
  • Page 374

    • By default, a stub can only pass traffic to other areas in the autonomous system via the default external route. However, you can also configure an area border router to send Type 3 summary link advertisements into the stub.
  • Page 375

    Command Usage
    • Before you create a stub or NSSA, first specify the address range for an area using the Network Area Address Configuration screen (page 3-323).
    • Stubs and NSSAs cannot be used as transit areas, and should therefore be placed at the edge of the routing domain.
  • Page 376: Figure 3-134 OSPF Area Configuration

    Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default summary route sent into a stub, and click Apply.
    Figure 3-134 OSPF Area Configuration
    CLI - This example configures area 0.0.0.1 as a normal area, area 0.0.0.2 as a stub, and area 0.0.0.3 as an NSSA.
  • Page 377: Configuring Area Ranges

    Console#show ip ospf    (page 4-364)
    Routing Process with ID 192.168.1.253
    Supports only single TOS(TOS0) route
    Number of area in this router is 3
    Area 0.0.0.0 (BACKBONE)
    Number of interfaces in this area is 1
    SPF algorithm executed 40 times
    Area 0.0.0.2 (STUB)
    Number of interfaces in this area is 1
    SPF algorithm executed 8 times...
  • Page 378: Figure 3-135 OSPF Range Configuration

    Command Attributes
    • Area ID – Identifies the area whose routes are summarized. (The area ID must be in the form of an IP address.)
    • Range Network – Base address for the routes to summarize.
    • ...
  • Page 379: Configuring OSPF Interfaces

    CLI - This example summarizes all the routes for area 1. Note that the default for the area range command is to advertise the route summary. The configured summary route is shown in the list of information displayed for area 1.
  • Page 380

    Field Attributes
    OSPF Interface List
    • VLAN ID – The VLAN to which an IP interface has been assigned.
    • Interface IP – The IP interface associated with the selected VLAN.
    • Area ID – The area to which this interface has been assigned.
    • ...
  • Page 381

    ...interface when estimating this delay. Set the transmit delay according to link speed, using larger values for lower-speed links.
    - The transmit delay must be the same for all routers in an autonomous system.
    - On slow links, the router may send packets more quickly than devices can receive them.
  • Page 382

    - Routes are subsequently assigned a metric equal to the sum of the metrics of each interface link in the route.
    • Authentication Type – Specifies the authentication type used for an interface. (Options: None, Simple password, MD5; Default: None)
    - Use authentication to prevent routers from inadvertently joining an unauthorized area. With the default of None, any device on the segment that speaks OSPF can form an adjacency and inject routes. Simple password authentication carries the password in clear text in every OSPF packet, so anyone able to capture traffic on the segment can recover it; MD5 authentication carries only a keyed digest plus a sequence number, so the key itself is never sent and captured packets cannot simply be replayed.
  • Page 383: Figure 3-136 OSPF Interface Configuration

    ...incoming packets. Neighbor routers must use the same key identifier and key value.
    - When changing to a new key, the router will send multiple copies of all protocol messages, one with the old key and another with the new key, so that neighbors can be moved to the new key one at a time without losing adjacencies.
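A worked example of what the MD5 option and the key rollover described above mean on the wire, added here and not code from the SMC manual or its firmware: RFC 2328 Appendix D cryptographic authentication. The sender fills the 64-bit authentication field with a key ID, the digest length and a sequence number, zeroes the checksum, and appends MD5(packet || key) after the packet; the receiver looks the key up by key ID, rejects a sequence number older than the last one it accepted, and recomputes the digest. The zero-padding of keys shorter than 16 bytes, the router IDs, the keys and the hello body are assumptions made for the example.

```python
"""OSPFv2 cryptographic (MD5) authentication per RFC 2328 Appendix D, with
key-ID based rollover and sequence-number replay protection.  Added example,
not code from the SMC manual; all addresses, keys and packet bodies are
constructed for illustration."""
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

OSPF_V2 = 2
HELLO = 1
AU_CRYPTO = 2          # AuType 2 = cryptographic authentication
MD5_LEN = 16
# version, type, length, router ID, area ID, checksum, AuType, 0, key ID, auth len, sequence
HDR = "!BBH4s4sHHHBBI"


def pad_key(key: bytes) -> bytes:
    """Keys shorter than 16 bytes are zero-padded (assumed convention; this is
    what common implementations do, the RFC simply speaks of a 16-byte key)."""
    if len(key) > MD5_LEN:
        raise ValueError("MD5 key longer than 16 bytes")
    return key.ljust(MD5_LEN, b"\x00")


def sign_packet(ptype, router_id, area_id, body, key_id, key, seq):
    """Build header+body with AuType 2 and append MD5(packet || key).
    The checksum field stays 0 and the digest is not counted in the length."""
    length = 24 + len(body)
    hdr = struct.pack(HDR, OSPF_V2, ptype, length,
                      IPv4Address(router_id).packed, IPv4Address(area_id).packed,
                      0, AU_CRYPTO, 0, key_id, MD5_LEN, seq)
    packet = hdr + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def verify_packet(frame, keys, last_seq):
    """keys: {key_id: key} configured on the receiving interface.
    last_seq: last accepted sequence number from this neighbour (-1 if none).
    Returns (accepted, reason, seq)."""
    if len(frame) < 24 + MD5_LEN:
        return False, "truncated", None
    (ver, _ptype, length, _rid, _aid, cksum, autype,
     _zero, key_id, auth_len, seq) = struct.unpack(HDR, frame[:24])
    if ver != OSPF_V2 or autype != AU_CRYPTO or auth_len != MD5_LEN or cksum != 0:
        return False, "bad header", seq
    if len(frame) != length + MD5_LEN:
        return False, "bad length", seq
    key = keys.get(key_id)
    if key is None:                      # rollover gap: this neighbour lacks the key yet
        return False, f"unknown key id {key_id}", seq
    if seq < last_seq:                   # RFC 2328 D.4.2: must be >= last accepted
        return False, "replayed sequence number", seq
    packet, digest = frame[:length], frame[length:]
    expected = hashlib.md5(packet + pad_key(key)).digest()
    if not hmac.compare_digest(expected, digest):
        return False, "digest mismatch", seq
    return True, "ok", seq


def rollover_demo():
    """The sender moves from key ID 1 to key ID 2 and, as the manual describes,
    sends every message twice (old and new key).  Two receivers are modelled:
    one not yet given key 2 and one already holding both."""
    # Constructed 20-byte Hello body: mask /24, hello 10 s, options, priority 1,
    # dead 40 s, no DR/BDR.
    body = bytes.fromhex("ffffff00000a02010000002800000000" "00000000")
    old_key, new_key, seq = b"tiger-old", b"tiger-new", 100
    with_old = sign_packet(HELLO, "192.168.1.253", "0.0.0.0", body, 1, old_key, seq)
    with_new = sign_packet(HELLO, "192.168.1.253", "0.0.0.0", body, 2, new_key, seq)
    lagging = {1: old_key}
    updated = {1: old_key, 2: new_key}
    return {
        "lagging_old": verify_packet(with_old, lagging, -1)[0],      # accepted
        "lagging_new": verify_packet(with_new, lagging, -1)[0],      # unknown key id 2
        "updated_old": verify_packet(with_old, updated, -1)[0],      # accepted
        "updated_new": verify_packet(with_new, updated, -1)[0],      # accepted
        "replay":      verify_packet(with_new, updated, seq + 1)[0], # 100 < 101: replay
        "wrong_key":   verify_packet(with_new, {2: b"guess"}, -1)[0],# digest mismatch
    }


if __name__ == "__main__":
    for case, accepted in rollover_demo().items():
        print(f"{case:12s} accepted={accepted}")
```

Because each copy names its key ID, a neighbor that still holds only the old key keeps accepting the old-key copy while the new-key copy fails with an unknown key ID rather than a digest error, which is why the rollover is safe to do one router at a time. The digest is a plain keyed MD5, not an HMAC, and MD5 is weak by today's standards; on this switch it is nonetheless the only option that keeps the secret off the wire and defeats replay.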
  • Page 384: Figure 3-137 OSPF Interface Configuration - Detailed

    Change any of the interface-specific protocol parameters, and then click Apply.
    Figure 3-137 OSPF Interface Configuration - Detailed
    CLI - This example configures the interface parameters for VLAN 1.
    Console(config)#interface vlan 1
    Console(config-if)#ip ospf priority 5    (page 4-361)
    Console(config-if)#ip ospf transmit-delay 6    (page 4-363)
    Console(config-if)#ip ospf retransmit-interval 7...
  • Page 385: Configuring Virtual Links

    Configuring Virtual Links
    All OSPF areas must connect to the backbone. If an area does not have a direct physical connection to the backbone, you can configure a virtual link that provides a logical path to the backbone through a transit area.
    [Figure: isolated area connected to the backbone over a virtual link]
  • Page 386: Figure 3-138 OSPF Virtual Link Configuration

    Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router ID, configure the link attributes, and click Add. To modify the settings for an existing link, click the Detail button for the required entry, modify the link settings, and click Set.
